Query
Relevant PR: github/codeql#5704
CVE ID(s)
CVE-2021-29506
graphhopper: Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.
CVE-2021-33580
Apache Roller: regex injection leading to DoS.
CVE-2021-37262
jflyfox/jfinal_cms: regex injection
After unsuccessful attempts to contact the maintainer by email and asking in the repo I have created a public issue. When it didn't help I have created a pull request that was merged. The maintainer neither created an advisory nor requested a CVE.
cbioportal: regex injection
Similar story trying to contact maintainers. Issue. Pull request. Fixed in https://github.com/cBioPortal/cbioportal/releases/tag/v3.6.22