Safeguard
Tag

redos

Safeguard articles tagged "redos" — guides, analysis, and best practices for software supply chain and application security.

36 articles

Vulnerability Analysis

http-cache-semantics ReDoS vulnerability (CVE-2022-25881)

CVE-2022-25881 lets attacker-influenced HTTP responses trigger catastrophic regex backtracking in http-cache-semantics, hanging Node.js services. Here's how to detect and fix it.

Jan 1, 20267 min read
Vulnerability Analysis

Python setuptools package_index ReDoS (CVE-2022-40897)

CVE-2022-40897 is a ReDoS flaw in setuptools' package_index.py that can hang CI pipelines when parsing crafted index pages. Here's how to detect and fix it.

Dec 31, 20257 min read
Vulnerability Analysis

urllib3 regular expression denial of service (CVE-2021-33503)

A deep dive into CVE-2021-33503, the urllib3 ReDoS flaw in Python's core HTTP library, its real-world exposure, and how to remediate it.

Dec 31, 20257 min read
Vulnerability Analysis

Algorithmic complexity denial of service explained

Small inputs, big CPU spikes: how algorithmic complexity DoS vulnerabilities like ReDoS and hash flooding crash apps with a single request.

Dec 7, 20256 min read
Vulnerability Analysis

Regular expression injection explained

Regex injection lets attackers rewrite pattern logic or trigger ReDoS. See real CVEs, exploit examples, and how to detect and fix it in your code.

Dec 2, 20257 min read
Industry Analysis

ReDoS: Regular Expression Denial of Service Attacks

ReDoS took down Cloudflare's global network for 27 minutes in 2019 and Stack Overflow in 2016. Here's how one bad regex causes an outage, and how to catch it first.

Nov 8, 20258 min read
Vulnerability Analysis

CVE-2017-16137: ReDoS in debug package

CVE-2017-16137 is a ReDoS flaw in the debug npm package that can hang Node.js apps on crafted input. Here's what's affected and how to fix it.

Oct 16, 20258 min read
Vulnerability Analysis

CVE-2020-28469: ReDoS in glob-parent

CVE-2020-28469 is a ReDoS flaw in glob-parent before 5.1.2 that can hang processes parsing crafted glob strings. Here's the risk, timeline, and fix.

Oct 14, 20257 min read
Vulnerability Analysis

CVE-2021-23343: ReDoS in path-parse

CVE-2021-23343 is a ReDoS vulnerability in path-parse before 1.0.7 that lets crafted path strings stall Node.js apps. Here's how it works and how to fix it.

Oct 14, 20257 min read
Vulnerability Analysis

CVE-2018-1000620: ReDoS in marked markdown parser

A ReDoS flaw in the marked Markdown parser (CVE-2018-1000620) let crafted input stall Node.js services. Here's the impact, fix, and how to catch it in your dependency tree.

Oct 14, 20258 min read
Vulnerability Analysis

CVE-2022-21680: ReDoS in marked via block token regexes

CVE-2022-21680: how a ReDoS in marked's block-tokenizer regexes could let attackers freeze Markdown-rendering services, plus affected versions, fix, and mitigation steps.

Oct 13, 20257 min read
Vulnerability Analysis

CVE-2022-21681: Second ReDoS flaw in marked

CVE-2022-21681 is a ReDoS flaw in marked's inline tokenizer that lets crafted Markdown hang parsing. What's affected, severity, and how to remediate.

Oct 13, 20256 min read
redos (Page 2) — Safeguard Blog