Yeting Li

5 exploits Active since Mar 2021
CVE-2021-23353 WRITEUP MEDIUM WRITEUP
jspdf < 2.3.1 - Regular Expression Denial of Service via addImage Function
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
CVSS 5.9
CVE-2021-23382 WRITEUP MEDIUM WRITEUP
postcss < 7.0.36 and 8.0.0-8.2.13 - Regular Expression Denial of Service via getAnnotationURL() and loadAnnotation()
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
CVSS 5.3
CVE-2021-29061 WRITEUP HIGH WRITEUP
vfsjfilechooser2 < 0.2.9 - Regular Expression Denial of Service via URI Validation
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs.
CVSS 7.5
CVE-2021-3733 WRITEUP MEDIUM WRITEUP
Python < 3.6.14 - Regular Expression Denial of Service in urllib AbstractBasicAuthHandler
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
CVSS 6.5
CVE-2021-3807 WRITEUP HIGH WRITEUP
ansi-regex - Inefficient Regular Expression Complexity
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
CVSS 7.5