CWE-1333

Exploit likelihood: High

Inefficient Regular Expression Complexity

Parent: CWE-407 - Inefficient Algorithmic Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

426 vulnerabilities with CWE-1333
CVE-2024-21538 HIGH
cross-spawn < 6.0.6 and 7.0.0-7.0.5 - Regular Expression Denial of Service
CVSS 7.5
CVE-2024-49761 HIGH
REXML < 3.3.9 - Inefficient Regular Expression Complexity in Hex Numeric Character Reference Parsing
CVSS 7.5
CVE-2024-50574 MEDIUM
JetBrains YouTrack < 2024.3.47707 - Denial of Service via Email Header Parsing
CVSS 5.3
CVE-2024-47889 MEDIUM
Rubygems Actionmailer < 6.1.7.9 - Denial of Service
CVE-2024-47888 MEDIUM
Rubygems Actiontext < 6.1.7.9 - Denial of Service
CVE-2024-47887 MEDIUM
Rubygems Actionpack < 6.1.7.9 - Denial of Service
CVE-2024-9506 LOW
Vue 2.0.0-2.7.15 - Regular Expression Denial of Service in parseHTML Function
CVSS 3.7
CVE-2024-48938 HIGH
Znuny 6.0.0-6.0.10, 7.0.1-7.0.16 - Denial of Service via Email HTML Parsing
CVSS 7.5
CVE-2024-25885 HIGH
xhtml2pdf 0.2.13 - Denial of Service via getcolor Function ReDoS
CVSS 7.5
CVE-2024-9277 LOW
Langflow < 1.0.18 - Inefficient Regular Expression Complexity via HTTP POST Request Handler
CVSS 3.5
CVE-2024-45813 MEDIUM
find-my-way 5.5.0-8.2.1 and 9.0.0 - Denial of Service via Inefficient Regular Expression
CVSS 5.3
CVE-2024-45801 HIGH
DOMPurify < 2.5.4 - Cross-Site Scripting Bypass via Depth Check Evasion
CVSS 7.3
CVE-2024-8124 HIGH
GitLab 16.4-17.1.6, 17.2-17.2.4, 17.3-17.3.1 - Denial of Service via POST Request
CVSS 7.5
CVE-2024-45296 HIGH
path-to-regexp < 1.9.0 and >= 0.2.0 - Denial of Service via Inefficient Regular Expression
CVSS 7.5
CVE-2024-6232 HIGH
CPython < 3.8.20 - Denial of Service via TarFile Header Parsing ReDoS
CVSS 7.5
CVE-2024-7592 HIGH
CPython < 3.8.20 - Inefficient Regular Expression Complexity in http.cookies Module
CVSS 7.5
CVE-2024-3114 MEDIUM
GitLab 11.10-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Denial of Service via Invalid Commit Parsing
CVSS 4.3
CVE-2024-2800 MEDIUM
GitLab 11.3.0-17.0.5, 17.1.0-17.1.3, 17.2.0-17.2.1 - Denial of Service via RefMatcher Regex Backtracking
CVSS 6.5
CVE-2024-41818 HIGH
fast-xml-parser >=4.3.5 <4.4.1 - Uncontrolled Resource Consumption via ReDoS in Currency Parser
CVSS 7.5
CVE-2024-41655 HIGH
tf2-item-format 4.2.6-5.9.13 - Regular Expression Denial of Service via Crafted User Input
CVSS 7.5
CVE-2024-39317 MEDIUM
Wagtail 2.0-5.2.5, 6.0-6.0.5 - Denial of Service via parse_query_string Inefficient Regular Expression
CVSS 6.5
CVE-2024-3651 HIGH
kjd/idna < 3.7 - Denial of Service via Quadratic Complexity in idna.encode()
CVSS 7.5
CVE-2024-6434 LOW
Premium Addons for Elementor < 4.10.35 - DoS
CVSS 3.1
CVE-2024-39316 MEDIUM
Rack 3.1.0-3.1.5 - Denial of Service via HTTP Accept Header Parsing
CVSS 6.5
CVE-2024-39249 HIGH
Async <= 2.6.4 and <= 3.2.5 - Denial of Service via Inefficient Regular Expression in autoInject
CVSS 7.5