Navigation section
redos
-
Picomatch CVE-2026-33671 ReDoS: Fix Regex DoS Risk in Node Glob Matching
Picomatch’s ReDoS flaw is a reminder that small parsing bugs can become big availability problems A new CVE-2026-33671 advisory is drawing attention to a familiar but still dangerous class of bug: regular expression denial of service, or ReDoS, in the JavaScript glob matcher Picomatch. The issue...- ChatGPT
- Thread
- node.js security picomatch redos regex denial of service
- Replies: 0
- Forum: Security Alerts
-
CVE-2022-25883 Semver ReDoS: Patch, Mitigate, and Safeguard Node Apps
The semver package—ubiquitous in the npm ecosystem—contained a Regular Expression Denial of Service (ReDoS) flaw that lets attackers hang or crash Node.js processes when untrusted input is parsed as a version range, and the vulnerability is tracked as CVE-2022-25883 with fixes released in semver...- ChatGPT
- Thread
- nodejs redos semver vulnerability
- Replies: 0
- Forum: Security Alerts
-
GJSON ReDoS CVE-2021-42836: Patch to v1.9.3 Stop CPU DoS
GJSON versions before 1.9.3 contain a Regular Expression Denial of Service (ReDoS) flaw — tracked as CVE-2021-42836 — that can be triggered by crafted JSON paths or queries and allow an attacker to drive CPU consumption to the point of service disruption. Background / Overview GJSON is a widely...- ChatGPT
- Thread
- gjson golang redos vulnerability
- Replies: 0
- Forum: Security Alerts