CWE-1333
AllowedInefficient Regular Expression Complexity
Abstraction: Base · Status: Draft
The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.
725 vulnerabilities reference this CWE, most recent first.
GHSA-2P9H-CCW7-33GF
Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2026-07-02 20:40An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "cleo"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0a1"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-42966"
],
"database_specific": {
"cwe_ids": [
"CWE-1333"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-10T18:52:40Z",
"nvd_published_at": "2022-11-09T20:15:00Z",
"severity": "MODERATE"
},
"details": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.",
"id": "GHSA-2p9h-ccw7-33gf",
"modified": "2026-07-02T20:40:18Z",
"published": "2022-11-10T12:01:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42966"
},
{
"type": "WEB",
"url": "https://github.com/python-poetry/cleo/pull/285"
},
{
"type": "WEB",
"url": "https://github.com/python-poetry/cleo/commit/b5b9a04d2caf58bf7cf94eb7ae4a1ebbe60ea455"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-2p9h-ccw7-33gf"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cleo/PYSEC-2022-43178.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/python-poetry/cleo"
},
{
"type": "WEB",
"url": "https://github.com/python-poetry/cleo/releases/tag/2.0.0"
},
{
"type": "WEB",
"url": "https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "cleo is vulnerable to Regular Expression Denial of Service (ReDoS)"
}
GHSA-2P9W-5Q3P-G7CV
Vulnerability from github – Published: 2023-06-07 18:30 – Updated: 2024-04-04 04:39An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.
{
"affected": [],
"aliases": [
"CVE-2023-2198"
],
"database_specific": {
"cwe_ids": [
"CWE-1333"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-07T17:15:10Z",
"severity": "HIGH"
},
"details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.",
"id": "GHSA-2p9w-5q3p-g7cv",
"modified": "2024-04-04T04:39:38Z",
"published": "2023-06-07T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2198"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1947187"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2198.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/408273"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2QQX-W9HR-Q5GX
Vulnerability from github – Published: 2023-03-30 06:30 – Updated: 2025-11-03 22:30All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "angular"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-26117"
],
"database_specific": {
"cwe_ids": [
"CWE-1333"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-03T13:07:46Z",
"nvd_published_at": "2023-03-30T05:15:00Z",
"severity": "MODERATE"
},
"details": "All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.",
"id": "GHSA-2qqx-w9hr-q5gx",
"modified": "2025-11-03T22:30:32Z",
"published": "2023-03-30T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26117"
},
{
"type": "PACKAGE",
"url": "https://github.com/angular/angular.js"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045"
},
{
"type": "WEB",
"url": "https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "angular vulnerable to regular expression denial of service via the $resource service"
}
GHSA-2RMJ-MQ67-H97G
Vulnerability from github – Published: 2024-09-24 18:34 – Updated: 2025-02-21 15:15Description
Applications that parse ETags from If-Match or If-None-Match request headers are vulnerable to DoS attack.
Affected Spring Products and Versions
org.springframework:spring-web in versions
6.1.0 through 6.1.11 6.0.0 through 6.0.22 5.3.0 through 5.3.37
Older, unsupported versions are also affected
Mitigation
Users of affected versions should upgrade to the corresponding fixed version. 6.1.x -> 6.1.12 6.0.x -> 6.0.23 5.3.x -> 5.3.38 No other mitigation steps are necessary.
Users of older, unsupported versions could enforce a size limit on If-Match and If-None-Match headers, e.g. through a Filter.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-web"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.38"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-web"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-web"
},
"ranges": [
{
"events": [
{
"introduced": "6.1.0"
},
{
"fixed": "6.1.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-38809"
],
"database_specific": {
"cwe_ids": [
"CWE-1333",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-24T18:34:43Z",
"nvd_published_at": "2024-09-27T17:15:12Z",
"severity": "MODERATE"
},
"details": "### Description\nApplications that parse ETags from `If-Match` or `If-None-Match` request headers are vulnerable to DoS attack.\n\n### Affected Spring Products and Versions\norg.springframework:spring-web in versions \n\n6.1.0 through 6.1.11\n6.0.0 through 6.0.22\n5.3.0 through 5.3.37\n\nOlder, unsupported versions are also affected\n\n### Mitigation\nUsers of affected versions should upgrade to the corresponding fixed version.\n6.1.x -\u003e 6.1.12\n6.0.x -\u003e 6.0.23\n5.3.x -\u003e 5.3.38\nNo other mitigation steps are necessary.\n\nUsers of older, unsupported versions could enforce a size limit on `If-Match` and `If-None-Match` headers, e.g. through a Filter.",
"id": "GHSA-2rmj-mq67-h97g",
"modified": "2025-02-21T15:15:57Z",
"published": "2024-09-24T18:34:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38809"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/issues/33372"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-framework"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2024-38809"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Spring Framework DoS via conditional HTTP request"
}
GHSA-2RXP-V6PW-CH6M
Vulnerability from github – Published: 2024-10-28 14:10 – Updated: 2025-11-03 22:49Impact
The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;).
This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on 2025-03.
Patches
The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
Workarounds
Use Ruby 3.2 or later instead of Ruby 3.1.
References
- https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/: An announce on www.ruby-lang.org
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rexml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-49761"
],
"database_specific": {
"cwe_ids": [
"CWE-1333"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-28T14:10:18Z",
"nvd_published_at": "2024-10-28T15:15:05Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThe REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between `\u0026#` and `x...;` in a hex numeric character reference (`\u0026#x...;`).\n\nThis does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on 2025-03.\n\n### Patches\n\nThe REXML gem 3.3.9 or later include the patch to fix the vulnerability.\n\n### Workarounds\n\nUse Ruby 3.2 or later instead of Ruby 3.1.\n\n### References\n\n* https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/: An announce on www.ruby-lang.org",
"id": "GHSA-2rxp-v6pw-ch6m",
"modified": "2025-11-03T22:49:25Z",
"published": "2024-10-28T14:10:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49761"
},
{
"type": "WEB",
"url": "https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f"
},
{
"type": "PACKAGE",
"url": "https://github.com/ruby/rexml"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-49761.yml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241227-0004"
},
{
"type": "WEB",
"url": "https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "REXML ReDoS vulnerability"
}
GHSA-2VRF-HF26-JRP5
Vulnerability from github – Published: 2023-03-30 06:30 – Updated: 2025-11-03 22:30All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "angular"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-26116"
],
"database_specific": {
"cwe_ids": [
"CWE-1333"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-03T13:07:51Z",
"nvd_published_at": "2023-03-30T05:15:00Z",
"severity": "MODERATE"
},
"details": "All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.",
"id": "GHSA-2vrf-hf26-jrp5",
"modified": "2025-11-03T22:30:46Z",
"published": "2023-03-30T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26116"
},
{
"type": "PACKAGE",
"url": "https://github.com/angular/angular.js"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044"
},
{
"type": "WEB",
"url": "https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "angular vulnerable to regular expression denial of service via the angular.copy() utility"
}
GHSA-2WW3-FXVQ-293J
Vulnerability from github – Published: 2021-09-29 17:14 – Updated: 2024-10-07 15:09The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide as an input to the [_read_comparison_block()(https://github.com/nltk/nltk/blob/23f4b1c4b4006b0cb3ec278e801029557cec4e82/nltk/corpus/reader/comparative_sents.py#L259) function in the file nltk/corpus/reader/comparative_sents.py may cause an application to consume an excessive amount of CPU.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "nltk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3828"
],
"database_specific": {
"cwe_ids": [
"CWE-1333",
"CWE-697"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-28T20:49:37Z",
"nvd_published_at": "2021-09-27T13:15:00Z",
"severity": "HIGH"
},
"details": "The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide as an input to the [`_read_comparison_block()`(https://github.com/nltk/nltk/blob/23f4b1c4b4006b0cb3ec278e801029557cec4e82/nltk/corpus/reader/comparative_sents.py#L259) function in the file `nltk/corpus/reader/comparative_sents.py` may cause an application to consume an excessive amount of CPU.",
"id": "GHSA-2ww3-fxvq-293j",
"modified": "2024-10-07T15:09:21Z",
"published": "2021-09-29T17:14:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3828"
},
{
"type": "WEB",
"url": "https://github.com/nltk/nltk/pull/2816"
},
{
"type": "WEB",
"url": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-2ww3-fxvq-293j"
},
{
"type": "PACKAGE",
"url": "https://github.com/nltk/nltk"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/nltk/PYSEC-2021-356.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "NLTK Vulnerable to REDoS"
}
GHSA-2WXG-6MGC-2CM5
Vulnerability from github – Published: 2025-07-05 09:30 – Updated: 2025-07-05 09:30A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-7074"
],
"database_specific": {
"cwe_ids": [
"CWE-1333",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-05T09:15:27Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-2wxg-6mgc-2cm5",
"modified": "2025-07-05T09:30:30Z",
"published": "2025-07-05T09:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7074"
},
{
"type": "WEB",
"url": "https://github.com/vercel/hyper/issues/8098"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.314973"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.314973"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.602353"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-333W-RXJ3-F55R
Vulnerability from github – Published: 2018-07-24 20:00 – Updated: 2024-04-22 19:37Affected versions of uri-js is susceptible to a regular expression denial of service vulnerability when user input is sent to the .parse() method.
Recommendation
Update to v3.0.0 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "uri-js"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-16021"
],
"database_specific": {
"cwe_ids": [
"CWE-1333",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:53:45Z",
"nvd_published_at": "2018-06-04T19:29:01Z",
"severity": "MODERATE"
},
"details": "Affected versions of `uri-js` is susceptible to a regular expression denial of service vulnerability when user input is sent to the `.parse()` method.\n\n\n\n## Recommendation\n\nUpdate to v3.0.0 or later.",
"id": "GHSA-333w-rxj3-f55r",
"modified": "2024-04-22T19:37:18Z",
"published": "2018-07-24T20:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16021"
},
{
"type": "WEB",
"url": "https://github.com/garycourt/uri-js/issues/12"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-333w-rxj3-f55r"
},
{
"type": "WEB",
"url": "https://nodesecurity.io/advisories/100"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/100"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Regular Expression Denial Of Service in uri-js"
}
GHSA-355V-2RJX-FPX7
Vulnerability from github – Published: 2024-09-27 12:31 – Updated: 2024-10-01 18:32A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "langflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-9277"
],
"database_specific": {
"cwe_ids": [
"CWE-1333"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-01T18:32:40Z",
"nvd_published_at": "2024-09-27T11:15:14Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \\src\\backend\\base\\langflow\\interface\\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-355v-2rjx-fpx7",
"modified": "2024-10-01T18:32:40Z",
"published": "2024-09-27T12:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9277"
},
{
"type": "PACKAGE",
"url": "https://github.com/langflow-ai/langflow"
},
{
"type": "WEB",
"url": "https://github.com/langflow-ai/langflow/blob/main/src/backend/base/langflow/interface/utils.py#L65"
},
{
"type": "WEB",
"url": "https://rumbling-slice-eb0.notion.site/Remote-Redos-in-https-github-com-langflow-ai-langflow-067159ced0d5494e91b06071384969c4?pvs=4"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.278659"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.278659"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.410043"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Inefficient Regular Expression Complexity in langflow"
}
Mitigation
Use regular expressions that do not support backtracking, e.g. by removing nested quantifiers.
Mitigation
Set backtracking limits in the configuration of the regular expression implementation, such as PHP's pcre.backtrack_limit. Also consider limits on execution time for the process.
Mitigation
Do not use regular expressions with untrusted input. If regular expressions must be used, avoid using backtracking in the expression.
Mitigation
Limit the length of the input that the regular expression will process.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.