CWE-1333

High likelihood

Inefficient Regular Expression Complexity

Parent: CWE-407 - Inefficient Algorithmic Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

426 vulnerabilities with CWE-1333
CVE-2024-6038 HIGH
gaizhenbiao/chuanhuchatgpt - Regular Expression Denial of Service in filter_history Function
CVSS 7.5
CVE-2024-1493 MEDIUM
GitLab 9.2.0-16.11.4, 17.0.0-17.0.2, 17.1.0 - Denial of Service via Dependency File Link Processing
CVSS 6.5
CVE-2024-1963 MEDIUM
GitLab 8.4-16.10.6, 16.11-16.11.3, 17.0-17.0.1 - Regular Expression Denial of Service via Asana Integration
CVSS 6.5
CVE-2024-1736 MEDIUM
GitLab < 16.10.7, 16.11-16.11.4, 17.0-17.0.2 - Denial of Service via CI/CD Pipeline Editor
CVSS 6.5
CVE-2024-1495 MEDIUM
GitLab 13.1-16.10.6, 16.11-16.11.3, 17.0-17.0.1 - Denial of Service via Maliciously Crafted File
CVSS 6.5
CVE-2024-5552 HIGH
kubeflow/kubeflow < 1.9.0 - Unauthenticated Regular Expression Denial of Service via Email Validation
CVSS 7.5
CVE-2024-4148 HIGH
lunary 1.2.10 - Regular Expression Denial of Service
CVSS 7.5
CVE-2024-4067 MEDIUM
micromatch < 4.0.8 - Regular Expression Denial of Service via Greedy Pattern Matching
CVSS 5.3
CVE-2024-2651 MEDIUM
GitLab CE/EE <16.9.7-16.10.4-16.11.1 - DoS
CVSS 6.5
CVE-2024-28716 HIGH
OpenStack Storlets yoga-eom - Remote Code Execution via gateway.py
CVSS 7.5
CVE-2024-4056 HIGH
M-Files Server <24.4.13592.4, >23.11 - DoS
CVSS 7.5
CVE-2024-2829 HIGH
GitLab 12.5-16.9.5, 16.10-16.10.3, 16.11 - Denial of Service via FileFinder Wildcard Filter
CVSS 7.5
CVE-2024-22640 HIGH
TCPDF <=6.6.5 - Regular Expression Denial of Service via Crafted HTML Color
CVSS 7.5
CVE-2024-3772 MEDIUM
Pydantic < 1.10.13 and 2.0.0-2.4.0 - Denial of Service via Crafted Email String
CVSS 5.9
CVE-2024-22363 HIGH
SheetJS Community Edition <0.20.2 - DoS
CVSS 7.5
CVE-2024-21503 MEDIUM
black < 24.3.0 - Denial of Service via Inefficient Regular Expression in strings.py
CVSS 5.3
CVE-2024-28865 HIGH
django-wiki <0.10.1 - Info Disclosure
CVSS 7.5
CVE-2024-28864 LOW
SecureProps 1.2.0-1.2.1 - Info Disclosure
CVSS 2.6
CVE-2024-27351 MEDIUM
Django <3.2.25, <4.2.11, <5.0.3 - DoS
CVSS 5.3
CVE-2024-26146 MEDIUM
Rack 0.4-2.0.9.3, 3.0.0-3.0.9.0 - Denial of Service via Header Parsing
CVSS 5.3
CVE-2024-25126 MEDIUM
Rack 0.4-2.2.8.1 and 3.0.0-3.0.9.1 - Denial of Service via Content-Type Header Parsing
CVSS 5.3
CVE-2024-1892 MEDIUM
scrapy < 2.11.1 - Denial of Service via XMLFeedSpider XML Parsing
CVSS 6.5
CVE-2024-26142 HIGH
Rails 7.1.0-7.1.3 - Denial of Service via Accept Header Parsing ReDoS
CVSS 7.5
CVE-2024-27088 NONE
es5-ext 0.10.0-0.10.62 - Inefficient Regular Expression Complexity in function#copy and function#toStringTokens
CVE-2024-21490 HIGH
angular.js >=1.3.0 - Denial of Service via ng-srcset Directive Regex Backtracking
CVSS 7.5