CWE-1333

Exploit likelihood: High

Inefficient Regular Expression Complexity

Parent: CWE-407 - Inefficient Algorithmic Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

426 vulnerabilities with CWE-1333
CVE-2023-30608 MEDIUM
sqlparse >=0.1.15 <0.4.4 - Denial of Service via Inefficient Regular Expression
CVSS 5.5
CVE-2023-27704 MEDIUM
Everything < 1.4.1.1022 - Regular Expression Denial of Service
CVSS 5.5
CVE-2023-26112 LOW
configobj < 5.0.9 - Regular Expression Denial of Service via Validate Function
CVSS 3.7
CVE-2023-28756 MEDIUM
Ruby Time < 0.2.2 - Inefficient Regular Expression Complexity in Time Parser
CVSS 5.3
CVE-2023-28755 MEDIUM
URI < 0.10.0, 0.10.0-0.10.1, 0.11.0, 0.12.0 - Inefficient Regular Expression Complexity
CVSS 5.3
CVE-2023-26118 MEDIUM
angularjs 1.4.9-1.8.3 - Regular Expression Denial of Service via URL Input Validation
CVSS 5.3
CVE-2023-26117 MEDIUM
angularjs 1.0.0-1.8.2 - Regular Expression Denial of Service via $resource Service
CVSS 5.3
CVE-2023-26116 MEDIUM
angularjs 1.2.21-1.8.2 - Regular Expression Denial of Service via angular.copy()
CVSS 5.3
CVE-2023-26103 MEDIUM
deno < 1.31.0 - Regular Expression Denial of Service via WebSocket Header Parsing
CVSS 5.3
CVE-2023-24807 HIGH
Undici < 5.19.1 - Regular Expression Denial of Service via Header Value Normalization
CVSS 7.5
CVE-2023-22799 HIGH
GlobalID < 1.0.1 - Denial of Service via Inefficient Regular Expression Complexity
CVSS 7.5
CVE-2023-22796 HIGH
Activesupport < 6.1.7.1 - Denial of Service
CVSS 7.5
CVE-2023-22795 HIGH
Rails < 6.1.7.1 and < 7.0.4.1 - Denial of Service via If-None-Match Header Regex
CVSS 7.5
CVE-2023-22792 HIGH
Rails 3.0.0-5.2.8.14 and 6.0.0-6.0.6.0 - Denial of Service via Regular Expression Backtracking in Action Dispatch
CVSS 7.5
CVE-2023-25167 MEDIUM
Discourse < 3.0.1 - Regular Expression Denial of Service via Git URL
CVSS 6.5
CVE-2023-25166 MEDIUM
hapi/formula < 3.0.1 - Denial of Service via Inefficient Regular Expression
CVSS 5.5
CVE-2023-23925 HIGH
switcher_client < 3.1.4 - Regular Expression Denial of Service via Strategy Match Operation
CVSS 8.6
CVE-2023-23621 HIGH
Discourse < 3.0.1 - Regular Expression Denial of Service via User Agent
CVSS 8.6
CVE-2023-24038 HIGH
HTML-StripScripts < 1.06 - Inefficient Regular Expression Complexity in _hss_attval_style
CVSS 7.5
CVE-2023-22467 HIGH
Luxon 1.x < 1.38.1, 2.x < 2.5.2, 3.2.1 - Denial of Service via RFC2822 Date Parsing
CVSS 7.5
CVE-2022-25883 MEDIUM
npmjs/semver <5.7.2 and >=7.0.0 <7.5.2 - Regular Expression Denial of Service via Range Function
CVSS 5.3
CVE-2022-44572 HIGH
Rack < 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1 - Denial of Service via Multipart Boundary Parsing
CVSS 7.5
CVE-2022-44571 HIGH
Rack 2.0.0-2.0.9.1 - Denial of Service via Content-Disposition Header Parsing
CVSS 7.5
CVE-2022-44570 HIGH
Rack 1.5.0-2.0.9.1 - Denial of Service via Range Header Parsing
CVSS 7.5
CVE-2022-25881 MEDIUM
http-cache-semantics <4.1.1 - Info Disclosure
CVSS 5.3