Common Weakness Enumeration

CWE-1333

Allowed

Inefficient Regular Expression Complexity

Abstraction: Base · Status: Draft

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

724 vulnerabilities reference this CWE, most recent first.

CVE-2025-2937 (GCVE-0-2025-2937)

Vulnerability from cvelistv5 – Published: 2025-08-13 17:26 – Updated: 2025-08-13 20:03
VLAI
Title
Inefficient Regular Expression Complexity in GitLab
Summary
An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
URL Tags
https://gitlab.com/gitlab-org/gitlab/-/issues/528995 issue-trackingpermissions-required
https://hackerone.com/reports/3058879 technical-descriptionexploitpermissions-required
Impacted products
Vendor Product Version
GitLab GitLab Affected: 13.2 , < 18.0.6 (semver)
Affected: 18.1 , < 18.1.4 (semver)
Affected: 18.2 , < 18.2.2 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Thanks [yuki_osaki](https://hackerone.com/yuki_osaki) for reporting this vulnerability through our HackerOne bug bounty program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2937",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T20:03:13.135846Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T20:03:48.370Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.0.6",
              "status": "affected",
              "version": "13.2",
              "versionType": "semver"
            },
            {
              "lessThan": "18.1.4",
              "status": "affected",
              "version": "18.1",
              "versionType": "semver"
            },
            {
              "lessThan": "18.2.2",
              "status": "affected",
              "version": "18.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [yuki_osaki](https://hackerone.com/yuki_osaki) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333: Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-13T17:26:55.506Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "GitLab Issue #528995",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/528995"
        },
        {
          "name": "HackerOne Bug Bounty Report #3058879",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/3058879"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.0.6, 18.1.4, 18.2.2 or above."
        }
      ],
      "title": "Inefficient Regular Expression Complexity in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-2937",
    "datePublished": "2025-08-13T17:26:55.506Z",
    "dateReserved": "2025-03-28T17:30:48.808Z",
    "dateUpdated": "2025-08-13T20:03:48.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2833 (GCVE-0-2025-2833)

Vulnerability from cvelistv5 – Published: 2025-03-27 04:00 – Updated: 2025-03-27 13:41
VLAI
Title
zhangyd-c OneBlog HTTP Header redos
Summary
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
  • CWE-400 - Resource Consumption
Assigner
References
URL Tags
https://vuldb.com/?id.301470 vdb-entrytechnical-description
https://vuldb.com/?ctiid.301470 signaturepermissions-required
https://vuldb.com/?submit.521813 third-party-advisory
https://github.com/zhangyd-c/OneBlog/issues/35 issue-tracking
https://github.com/zhangyd-c/OneBlog/issues/35#is… exploitissue-tracking
Impacted products
Vendor Product Version
zhangyd-c OneBlog Affected: 2.3.0
Affected: 2.3.1
Affected: 2.3.2
Affected: 2.3.3
Affected: 2.3.4
Affected: 2.3.5
Affected: 2.3.6
Affected: 2.3.7
Affected: 2.3.8
Affected: 2.3.9
Create a notification for this product.
Credits
s1mple_xy (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2833",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T13:41:44.373363Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T13:41:47.915Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/zhangyd-c/OneBlog/issues/35#issue-2914268214"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/zhangyd-c/OneBlog/issues/35"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "HTTP Header Handler"
          ],
          "product": "OneBlog",
          "vendor": "zhangyd-c",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.0"
            },
            {
              "status": "affected",
              "version": "2.3.1"
            },
            {
              "status": "affected",
              "version": "2.3.2"
            },
            {
              "status": "affected",
              "version": "2.3.3"
            },
            {
              "status": "affected",
              "version": "2.3.4"
            },
            {
              "status": "affected",
              "version": "2.3.5"
            },
            {
              "status": "affected",
              "version": "2.3.6"
            },
            {
              "status": "affected",
              "version": "2.3.7"
            },
            {
              "status": "affected",
              "version": "2.3.8"
            },
            {
              "status": "affected",
              "version": "2.3.9"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "s1mple_xy (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in zhangyd-c OneBlog bis 2.3.9 ausgemacht. Es betrifft eine unbekannte Funktion der Komponente HTTP Header Handler. Durch Manipulation des Arguments X-Forwarded-For mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-27T04:00:05.554Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-301470 | zhangyd-c OneBlog HTTP Header redos",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.301470"
        },
        {
          "name": "VDB-301470 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.301470"
        },
        {
          "name": "Submit #521813 | https://github.com/zhangyd-c/OneBlog oneblog 2.3.9 redos",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.521813"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/zhangyd-c/OneBlog/issues/35"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/zhangyd-c/OneBlog/issues/35#issue-2914268214"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-26T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-26T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-26T21:34:41.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "zhangyd-c OneBlog HTTP Header redos"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2833",
    "datePublished": "2025-03-27T04:00:05.554Z",
    "dateReserved": "2025-03-26T20:29:38.451Z",
    "dateUpdated": "2025-03-27T13:41:47.915Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2811 (GCVE-0-2025-2811)

Vulnerability from cvelistv5 – Published: 2025-04-26 07:00 – Updated: 2025-04-28 18:09
VLAI
Title
GL.iNet GL-A1300 Slate Plus API redos
Summary
A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
  • CWE-400 - Resource Consumption
Assigner
Impacted products
Vendor Product Version
GL.iNet GL-A1300 Slate Plus Affected: 4.x
Create a notification for this product.
GL.iNet GL-AR300M16 Shadow Affected: 4.x
Create a notification for this product.
GL.iNet GL-AR300M Shadow Affected: 4.x
Create a notification for this product.
GL.iNet GL-AR750 Creta Affected: 4.x
Create a notification for this product.
GL.iNet GL-AR750S-EXT Slate Affected: 4.x
Create a notification for this product.
GL.iNet GL-AX1800 Flint Affected: 4.x
Create a notification for this product.
GL.iNet GL-AXT1800 Slate AX Affected: 4.x
Create a notification for this product.
GL.iNet GL-B1300 Convexa-B Affected: 4.x
Create a notification for this product.
GL.iNet GL-B3000 Marble Affected: 4.x
Create a notification for this product.
GL.iNet GL-BE3600 Slate 7 Affected: 4.x
Create a notification for this product.
GL.iNet GL-E750 Affected: 4.x
Create a notification for this product.
GL.iNet GL-E750V2 Mudi Affected: 4.x
Create a notification for this product.
GL.iNet GL-MT300N-V2 Mango Affected: 4.x
Create a notification for this product.
GL.iNet GL-MT1300 Beryl Affected: 4.x
Create a notification for this product.
GL.iNet GL-MT2500 Brume 2 Affected: 4.x
Create a notification for this product.
GL.iNet GL-MT3000 Beryl AX Affected: 4.x
Create a notification for this product.
GL.iNet GL-MT6000 Flint 2 Affected: 4.x
Create a notification for this product.
GL.iNet GL-SFT1200 Opal Affected: 4.x
Create a notification for this product.
GL.iNet GL-X300B Collie Affected: 4.x
Create a notification for this product.
GL.iNet GL-X750 Spitz Affected: 4.x
Create a notification for this product.
GL.iNet GL-X3000 Spitz AX Affected: 4.x
Create a notification for this product.
GL.iNet GL-XE300 Puli Affected: 4.x
Create a notification for this product.
GL.iNet GL-XE3000 Puli AX Affected: 4.x
Create a notification for this product.
Credits
pan.li (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2811",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-28T18:07:38.354152Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-28T18:09:59.404Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Calling%20a%20special%20API%20that%20doesn\u0027t%20require%20login%20and%20passing%20in%20a%20special%20character%20parameter%20results%20in%20100%25%20CPU%20usage.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "API"
          ],
          "product": "GL-A1300 Slate Plus",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-AR300M16 Shadow",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-AR300M Shadow",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-AR750 Creta",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-AR750S-EXT Slate",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-AX1800 Flint",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-AXT1800 Slate AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-B1300 Convexa-B",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-B3000 Marble",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-BE3600 Slate 7",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-E750",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-E750V2 Mudi",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-MT300N-V2 Mango",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-MT1300 Beryl",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-MT2500 Brume 2",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-MT3000 Beryl AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-MT6000 Flint 2",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-SFT1200 Opal",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-X300B Collie",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-X750 Spitz",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-X3000 Spitz AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-XE300 Puli",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "GL-XE3000 Puli AX",
          "vendor": "GL.iNet",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pan.li (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component."
        },
        {
          "lang": "de",
          "value": "In GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente API. Mit der Manipulation mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.5,
            "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-26T07:00:05.770Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-306286 | GL.iNet GL-A1300 Slate Plus API redos",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.306286"
        },
        {
          "name": "VDB-306286 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.306286"
        },
        {
          "name": "Submit #524459 | glinet MT6000 /MT3000 /MT2500 /AXT1800 /AX1800 /B3000 /A1300 /X300B /X3000 /XE3000 /X750 /SFT1200 /MT1300 /E750 /XE300 /AR750 /AR750S / v4.x Large or infinite loop",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.524459"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Calling%20a%20special%20API%20that%20doesn\u0027t%20require%20login%20and%20passing%20in%20a%20special%20character%20parameter%20results%20in%20100%25%20CPU%20usage.md"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-26T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-04-26T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-04-26T08:38:01.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "GL.iNet GL-A1300 Slate Plus API redos"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2811",
    "datePublished": "2025-04-26T07:00:05.770Z",
    "dateReserved": "2025-03-26T12:11:36.452Z",
    "dateUpdated": "2025-04-28T18:09:59.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2099 (GCVE-0-2025-2099)

Vulnerability from cvelistv5 – Published: 2025-05-19 11:22 – Updated: 2025-05-19 13:45
VLAI
Title
Regular Expression Denial of Service (ReDoS) in huggingface/transformers
Summary
A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
Impacted products
Vendor Product Version
huggingface huggingface/transformers Affected: unspecified , < 4.50.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2099",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-19T13:38:03.242262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-19T13:45:13.385Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "huggingface/transformers",
          "vendor": "huggingface",
          "versions": [
            {
              "lessThan": "4.50.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-19T11:22:36.908Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/97b780f3-ffca-424f-ad5d-0e1c57a5bde4"
        },
        {
          "url": "https://github.com/huggingface/transformers/commit/8cb522b4190bd556ce51be04942720650b1a3e57"
        }
      ],
      "source": {
        "advisory": "97b780f3-ffca-424f-ad5d-0e1c57a5bde4",
        "discovery": "EXTERNAL"
      },
      "title": "Regular Expression Denial of Service (ReDoS) in huggingface/transformers"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2025-2099",
    "datePublished": "2025-05-19T11:22:36.908Z",
    "dateReserved": "2025-03-07T17:39:16.856Z",
    "dateUpdated": "2025-05-19T13:45:13.385Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1194 (GCVE-0-2025-1194)

Vulnerability from cvelistv5 – Published: 2025-04-29 11:30 – Updated: 2025-04-29 13:21
VLAI
Title
Regular Expression Denial of Service (ReDoS) in huggingface/transformers
Summary
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest).
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
Impacted products
Vendor Product Version
huggingface huggingface/transformers Affected: unspecified , < 4.50.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1194",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-29T13:21:09.310802Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-29T13:21:13.446Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://huntr.com/bounties/86f58dcd-683f-4adc-a735-849f51e9abb2"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "huggingface/transformers",
          "vendor": "huggingface",
          "versions": [
            {
              "lessThan": "4.50.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-29T11:30:38.810Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/86f58dcd-683f-4adc-a735-849f51e9abb2"
        },
        {
          "url": "https://github.com/huggingface/transformers/commit/92c5ca9dd70de3ade2af2eb835c96215cc50e815"
        }
      ],
      "source": {
        "advisory": "86f58dcd-683f-4adc-a735-849f51e9abb2",
        "discovery": "EXTERNAL"
      },
      "title": "Regular Expression Denial of Service (ReDoS) in huggingface/transformers"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2025-1194",
    "datePublished": "2025-04-29T11:30:38.810Z",
    "dateReserved": "2025-02-10T14:13:43.276Z",
    "dateUpdated": "2025-04-29T13:21:13.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0367 (GCVE-0-2025-0367)

Vulnerability from cvelistv5 – Published: 2025-01-30 17:04 – Updated: 2025-02-12 19:51
VLAI
Title
Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch)
Summary
In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
Assigner
Impacted products
Date Public
2025-01-15 00:00
Credits
Kyle Bambrick, Splunk
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0367",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-30T20:13:21.181070Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T19:51:11.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Supporting Add-on for Active Directory",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kyle Bambrick, Splunk"
        }
      ],
      "datePublic": "2025-01-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack."
            }
          ],
          "value": "In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-30T17:04:49.734Z",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2025-0103"
        }
      ],
      "source": {
        "advisory": "SVD-2025-0103"
      },
      "title": "Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2025-0367",
    "datePublished": "2025-01-30T17:04:49.734Z",
    "dateReserved": "2025-01-09T19:59:58.665Z",
    "dateUpdated": "2025-02-12T19:51:11.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-58340 (GCVE-0-2024-58340)

Vulnerability from cvelistv5 – Published: 2026-01-12 23:05 – Updated: 2026-07-14 22:54
VLAI
Title
LangChain <= 0.3.1 MRKLOutputParser ReDoS
Summary
LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
Impacted products
Vendor Product Version
LangChain AI LangChain Affected: 0 , ≤ 0.3.1 (semver)
Create a notification for this product.
Credits
LifeTeam2024
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-58340",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T16:21:27.783338Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T16:21:35.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "packageURL": "pkg:github/langchain-ai/langchain",
          "product": "LangChain",
          "repo": "https://github.com/langchain-ai/langchain",
          "vendor": "LangChain AI",
          "versions": [
            {
              "lessThanOrEqual": "0.3.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:langchain:langchain_core:*:*:*:*:*:python:*:*",
                  "versionEndIncluding": "0.3.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "LifeTeam2024"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition."
            }
          ],
          "value": "LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T22:54:52.807Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://huntr.com/bounties/e7ece02c-d4bb-4166-8e08-6baf4f8845bb"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.langchain.com/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/langchain-ai/langchain"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/langchain-mrkloutputparser-redos"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "LangChain \u003c= 0.3.1 MRKLOutputParser ReDoS",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-58340",
    "datePublished": "2026-01-12T23:05:00.801Z",
    "dateReserved": "2026-01-09T20:28:41.285Z",
    "dateUpdated": "2026-07-14T22:54:52.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-54170 (GCVE-0-2024-54170)

Vulnerability from cvelistv5 – Published: 2025-02-27 14:55 – Updated: 2025-02-27 15:12
VLAI
Title
IBM EntireX denial of service
Summary
IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM EntireX Affected: 11.1
    cpe:2.3:a:ibm:entirex:11.1:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54170",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T15:12:42.822433Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T15:12:51.277Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:entirex:11.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "EntireX",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM EntireX 11.1\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles.\u003c/span\u003e"
            }
          ],
          "value": "IBM EntireX 11.1\u00a0could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T14:55:47.166Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7184194"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM EntireX denial of service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-54170",
    "datePublished": "2025-02-27T14:55:47.166Z",
    "dateReserved": "2024-11-30T14:47:41.351Z",
    "dateUpdated": "2025-02-27T15:12:51.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52798 (GCVE-0-2024-52798)

Vulnerability from cvelistv5 – Published: 2024-12-05 22:45 – Updated: 2025-01-24 20:03
VLAI
Title
path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x
Summary
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
Impacted products
Vendor Product Version
pillarjs path-to-regexp Affected: < 0.1.12
Create a notification for this product.
pillarjs path-to-regexp Affected: 0 , < 0.1.12 (custom)
    cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "path-to-regexp",
            "vendor": "pillarjs",
            "versions": [
              {
                "lessThan": "0.1.12",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52798",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-09T14:53:29.827845Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-09T14:54:43.939Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-24T20:03:11.852Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250124-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "path-to-regexp",
          "vendor": "pillarjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.1.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333: Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-05T22:45:42.774Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w"
        },
        {
          "name": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4"
        }
      ],
      "source": {
        "advisory": "GHSA-rhx6-c78j-4q9w",
        "discovery": "UNKNOWN"
      },
      "title": "path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52798",
    "datePublished": "2024-12-05T22:45:42.774Z",
    "dateReserved": "2024-11-15T17:11:13.440Z",
    "dateUpdated": "2025-01-24T20:03:11.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52524 (GCVE-0-2024-52524)

Vulnerability from cvelistv5 – Published: 2024-11-14 17:21 – Updated: 2024-11-21 14:56
VLAI
Title
ReDoS in Giskard Scan text perturbation
Summary
Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
Vendor Product Version
Giskard-AI giskard Affected: < 2.15.5
Create a notification for this product.
giskard-ai giskard Affected: 0 , < 2.15.5 (custom)
    cpe:2.3:a:giskard-ai:giskard:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:giskard-ai:giskard:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "giskard",
            "vendor": "giskard-ai",
            "versions": [
              {
                "lessThan": "2.15.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52524",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-18T20:21:38.517597Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T14:56:20.478Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "giskard",
          "vendor": "Giskard-AI",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.15.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Clear",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333: Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-14T17:21:50.600Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Giskard-AI/giskard/security/advisories/GHSA-pjwm-cr36-mwv3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Giskard-AI/giskard/security/advisories/GHSA-pjwm-cr36-mwv3"
        },
        {
          "name": "https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb613b4d3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb613b4d3"
        }
      ],
      "source": {
        "advisory": "GHSA-pjwm-cr36-mwv3",
        "discovery": "UNKNOWN"
      },
      "title": "ReDoS in Giskard Scan text perturbation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52524",
    "datePublished": "2024-11-14T17:21:50.600Z",
    "dateReserved": "2024-11-11T18:49:23.560Z",
    "dateUpdated": "2024-11-21T14:56:20.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Use regular expressions that do not support backtracking, e.g. by removing nested quantifiers.

Mitigation
System Configuration

Set backtracking limits in the configuration of the regular expression implementation, such as PHP's pcre.backtrack_limit. Also consider limits on execution time for the process.

Mitigation
Implementation

Do not use regular expressions with untrusted input. If regular expressions must be used, avoid using backtracking in the expression.

Mitigation
Implementation

Limit the length of the input that the regular expression will process.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.