CWE-1333 — Inefficient Regular Expression Complexity (ReDoS)
284 active CVEs are classified under this weakness category, sourced from NVD, GHSA, and vendor advisories. CWE-1333 covers regular expressions whose worst-case matching time grows superlinearly (quadratically or exponentially) with the length of the input, so that an attacker who controls the matched string can pin a CPU; the resulting outage is called regular expression denial of service (ReDoS). Full definition on MITRE →
CVEs classified under CWE-1333 (page 2 of 6). Each entry lists: CVE ID | severity | CVSS score | EG score | published date, followed by the advisory summary.
- CVE-2021-3795 | HIGH | CVSS 7.5 | EG 7.5 | 2021-09-15
semver-regex is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-3801 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-09-15
prism is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-3803 | HIGH | CVSS 7.5 | EG 7.5 | 2021-09-17
nth-check is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-3804 | HIGH | CVSS 7.5 | EG 7.5 | 2021-09-17
taro is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-3807 | HIGH | CVSS 7.5 | EG 7.5 | 2021-09-17
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-3810 | HIGH | CVSS 7.5 | EG 7.5 | 2021-09-17
code-server is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-3820 | HIGH | CVSS 7.5 | EG 7.5 | 2021-09-27
inflect is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-3822 | HIGH | CVSS 7.5 | EG 7.5 | 2021-09-27
jsoneditor is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-3828 | HIGH | CVSS 7.5 | EG 7.5 | 2021-09-27
nltk is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-3842 | HIGH | CVSS 7.5 | EG 7.5 | 2022-01-04
nltk is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-39933 | MEDIUM | CVSS 4.3 | EG 6.5 | 2021-12-13
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling use…
- CVE-2021-39940 | MEDIUM | CVSS 4.3 | EG 6.5 | 2021-12-13
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable…
- CVE-2021-40660 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-14
An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack.
- CVE-2021-40892 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-24
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings.
- CVE-2021-40893 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-24
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails.
- CVE-2021-40894 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-24
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called.
- CVE-2021-40895 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-27
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements.
- CVE-2021-40896 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-27
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails.
- CVE-2021-40897 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-27
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid HTML.
- CVE-2021-40898 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-27
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files.
- CVE-2021-40899 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-27
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories.
- CVE-2021-40900 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-27
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails.
- CVE-2021-40901 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-27
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails.
- CVE-2021-41115 | MEDIUM | CVSS 4.3 | EG 4.3 | 2021-10-07
Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular exp…
- CVE-2021-41817 | HIGH | CVSS 7.5 | EG 7.5 | 2022-01-01
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
- CVE-2021-4299 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-01-02
A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity…
- CVE-2021-4305 | LOW | CVSS 3.5 | EG 3.5 | 2023-01-05
A vulnerability was found in Woorank robots-txt-guard. It has been rated as problematic. Affected by this issue is the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regu…
- CVE-2021-4306 | LOW | CVSS 3.5 | EG 3.5 | 2023-01-07
A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to addre…
- CVE-2021-43306 | MEDIUM | CVSS 5.9 | EG 5.9 | 2022-06-02
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method
- CVE-2021-43307 | MEDIUM | CVSS 5.9 | EG 5.9 | 2022-06-02
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
- CVE-2021-43308 | MEDIUM | CVSS 5.9 | EG 5.9 | 2022-06-02
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function
- CVE-2021-43309 | MEDIUM | CVSS 5.9 | EG 5.9 | 2022-08-24
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method
- CVE-2021-43805 | HIGH | CVSS 7.5 | EG 7.5 | 2021-12-07
Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to…
- CVE-2021-43838 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-12-17
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements int…
- CVE-2021-43843 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-12-20
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReD…
- CVE-2021-4437 | LOW | CVSS 3.5 | EG 3.5 | 2024-02-12
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer…
- CVE-2021-45470 | HIGH | CVSS 7.5 | EG 7.5 | 2021-12-23
lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts.
- CVE-2021-46823 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-06-18
python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex inp…
- CVE-2022-1510 | MEDIUM | CVSS 6.5 | EG 7.5 | 2022-05-11
An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious tex…
- CVE-2022-1929 | MEDIUM | CVSS 5.9 | EG 5.9 | 2022-06-02
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method
- CVE-2022-1930 | MEDIUM | CVSS 5.9 | EG 5.9 | 2022-08-22
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method
- CVE-2022-1954 | MEDIUM | CVSS 4.3 | EG 5.3 | 2022-07-01
A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially…
- CVE-2022-21195 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-05-20
All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS), which can cause excessive CPU usage.
- CVE-2022-21222 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-09-30
The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered…
- CVE-2022-21670 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-01-10
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no k…
- CVE-2022-21680 | HIGH | CVSS 7.5 | EG 7.5 | 2022-01-14
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untr…
- CVE-2022-21681 | HIGH | CVSS 7.5 | EG 7.5 | 2022-01-14
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted mark…
- CVE-2022-23514 | HIGH | CVSS 7.5 | EG 7.5 | 2022-12-14
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempt…
- CVE-2022-23517 | HIGH | CVSS 7.5 | EG 7.5 | 2022-12-14
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attemp…
- CVE-2022-23548 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-01-05
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service …
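The entries above name the affected package and little else; what they have in common is a pattern whose repetition is ambiguous, so a backtracking engine explores an exponential (or quadratic) number of ways to fail. The following is an added example written for this page, not code from any project listed here: a hand-written email-style check in the shape of the validator CVEs above (validate-data, that-value, regexfn, scniro-validator), its unambiguous rewrite, a regression check that exposes where the rewrite changed behaviour, and the length cap that contains a pattern you cannot rewrite. The regexes, the `example.com` domain, the function names and the 254-character cap are all choices made for the demonstration. Runs under Node.js with no dependencies.

```javascript
// Added example for this page (not code from any listed project): the bug
// class behind most CWE-1333 entries, shown on an email-style check of the
// kind the validator CVEs above were filed against. Node.js, no dependencies.

// VULNERABLE: a letter run followed by an OPTIONAL dot, inside another `+`.
// Because the dot may match empty, a run of n letters can be split between
// the inner and outer repetitions in 2^(n-1) ways; a backtracking engine
// tries them all before reporting failure, so time is exponential in n.
const LOCAL_PART_VULNERABLE = /^([a-z]+\.?)+@example\.com$/;

// FIXED: every repetition must begin with a literal dot, so any input has at
// most one parse and matching is linear. The rewrite is deliberately tighter:
// a trailing dot before the "@" is no longer accepted (see disagreements()).
const LOCAL_PART_FIXED = /^[a-z]+(\.[a-z]+)*@example\.com$/;

// Adversarial input: n characters that match the repeated atom, then one that
// cannot match, so the overall match fails and every split is explored.
function adversarialInput(n) {
  return "a".repeat(n) + "!";
}

// Wall-clock time of a single test(); only the trend across n is meaningful.
function timeTest(re, input) {
  const start = performance.now();
  const matched = re.test(input);
  return { matched, ms: performance.now() - start };
}

// When rewriting a pattern, run the old and new forms over a corpus of inputs
// and review every disagreement: a rewrite that silently widens or narrows
// the accepted language is a different bug. Returns the inputs that differ.
function disagreements(oldRe, newRe, samples) {
  return samples.filter((s) => oldRe.test(s) !== newRe.test(s));
}

// Defense that needs no rewrite: bound input length before the engine runs.
// 254 is the RFC 5321 limit on a full address (cap assumed for the example).
const MAX_ADDRESS_LENGTH = 254;
function isAcceptableAddress(re, input) {
  if (typeof input !== "string" || input.length > MAX_ADDRESS_LENGTH) {
    return false;
  }
  return re.test(input);
}

// Constructed sample corpus for the equivalence check (not real addresses).
const SAMPLE_ADDRESSES = [
  "john@example.com",
  "john.doe@example.com",
  "john..doe@example.com",
  "john.@example.com",
  ".john@example.com",
  "john@evil.com",
];

function demo() {
  // Each +2 on n roughly quadruples the vulnerable regex's time; the fixed
  // regex stays flat. Around n = 25 the vulnerable one takes seconds.
  for (const n of [12, 14, 16, 18]) {
    const input = adversarialInput(n);
    const v = timeTest(LOCAL_PART_VULNERABLE, input);
    const f = timeTest(LOCAL_PART_FIXED, input);
    console.log(`n=${n}: vulnerable ${v.ms.toFixed(2)} ms, fixed ${f.ms.toFixed(3)} ms`);
  }
  const long = adversarialInput(10000);
  console.log(`fixed regex, 10k chars: ${timeTest(LOCAL_PART_FIXED, long).ms.toFixed(3)} ms`);
  console.log("length cap rejects 10k chars:", isAcceptableAddress(LOCAL_PART_VULNERABLE, long) === false);
  console.log("rewrite changes the verdict for:", disagreements(LOCAL_PART_VULNERABLE, LOCAL_PART_FIXED, SAMPLE_ADDRESSES));
}

demo();
```

The rewrite works because it removes the ambiguity, not because it is shorter: the engine can find only one way to place each dot, so a failing input is rejected after a single pass. The length cap is the fallback when the pattern comes from a dependency you do not control; it does not make the regex linear, it only bounds how much work one request can buy, which is why it is paired with an upgrade and not used instead of one. Do not raise `n` in `demo()` much past 25 on a shared machine.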
Map vulnerabilities like CWE-1333 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1333 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.