Yeting Li

5 exploits, active since Mar 2021
CVE-2021-23353 WRITEUP MEDIUM
Parall Jspdf < 2.3.1 - Denial of Service
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
CVSS 5.9
CVE-2021-23382 WRITEUP MEDIUM
Postcss < 7.0.36 - Denial of Service
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
CVSS 5.3
CVE-2021-29061 WRITEUP HIGH
Vfsjfilechooser2 < 0.2.9 - Resource Allocation Without Limits
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs.
CVSS 7.5
CVE-2021-3733 WRITEUP MEDIUM
urllib - ReDOS
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
CVSS 6.5
CVE-2021-3807 WRITEUP HIGH
ansi-regex - Inefficient Regular Expression Complexity
ansi-regex is vulnerable to Inefficient Regular Expression Complexity.
CVSS 7.5