Common Weakness Enumeration

CWE-1333

Allowed

Inefficient Regular Expression Complexity

Abstraction: Base · Status: Draft

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

732 vulnerabilities reference this CWE, most recent first.

GHSA-8QJW-9XGM-C9FF

Vulnerability from github – Published: 2025-06-19 16:19 – Updated: 2025-06-20 22:20
VLAI
Summary
PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion
Details

Impact

What kind of vulnerability is it? Who is impacted?

This is an advisory for a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the RegexCriterion class. This class compiles and evaluates an unvalidated, user-supplied regular expression against the identifier of an Identifiable object via Pattern.compile(regex).matcher(id).find().

To trigger polynomial ReDoS in RegexCriterion, two attacker-controlled conditions must be met: - Control over the regex input passed into the constructor: - Example: An attacker supplies a malicious pattern such as (.*a){10000}. - Control or influence over the output of Identifiable.getId(): - Example: A long string like "aaaa...!" that forces excessive backtracking.

If both conditions are satisfied, a malicious actor can cause significant CPU exhaustion through repeated or recursive filter(...) calls — especially if performed over large network models or filtering operations. While this class does not handle file or memory data directly, its reliance on untrusted regular expressions and potentially attacker-controlled identifiers makes it vulnerable to polynomial ReDoS under the right conditions. This risk is amplified when the library is used in dynamic or scriptable environments where external users control either criterion construction or network object identifiers. Although not as dangerous as catastrophic exponential ReDoS, the polynomial pattern still induces significant performance degradation as input size increases.

Am I impacted?

Since RegexCriterion are used to define contingencies or limit reductions, you are vulnerable if: - you allow untrusted users to define contingency lists or limit reductions using this criterion; - OR you load untrusted contingencies or limit reductions files

AND use them with a network containing untrusted identifiers.

Patches

com.powsybl:powsybl-iidm-criteria:6.7.2 and higher

References

powsybl-core v6.7.2

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.7.1"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.powsybl:powsybl-iidm-criteria"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.3.0"
            },
            {
              "fixed": "6.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.powsybl:powsybl-contingency-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "6.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48059"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-19T16:19:48Z",
    "nvd_published_at": "2025-06-20T17:15:40Z",
    "severity": "LOW"
  },
  "details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nThis is an advisory for a **potential polynomial Regular Expression Denial of Service (ReDoS)** vulnerability in the `RegexCriterion` class. This class compiles and evaluates an unvalidated, user-supplied regular expression against the identifier of an `Identifiable` object via `Pattern.compile(regex).matcher(id).find()`.\n\nTo trigger **polynomial ReDoS** in `RegexCriterion`, **two attacker-controlled conditions** must be met:\n- **Control over the regex input** passed into the constructor:\n  - _Example:_ An attacker supplies a malicious pattern such as `(.*a){10000}`.\n- **Control or influence over the output of `Identifiable.getId()`**:\n  -  _Example:_ A long string like `\"aaaa...!\"` that forces excessive backtracking.\n\nIf both conditions are satisfied, a malicious actor can cause **significant CPU exhaustion** through repeated or recursive `filter(...)` calls \u2014 especially if performed over large network models or filtering operations.\nWhile this class does not handle file or memory data directly, its reliance on untrusted regular expressions and potentially attacker-controlled identifiers makes it vulnerable to **polynomial ReDoS** under the right conditions. This risk is amplified when the library is used in dynamic or scriptable environments where external users control either criterion construction or network object identifiers.\nAlthough not as dangerous as _catastrophic exponential ReDoS_, the polynomial pattern still induces significant performance\ndegradation as input size increases.\n\n#### Am I impacted?\nSince `RegexCriterion` are used to define contingencies or limit reductions, you are vulnerable if:\n- you allow untrusted users to define contingency lists or limit reductions using this criterion;\n- OR you load untrusted contingencies or limit reductions files\n\nAND use them with a network containing untrusted identifiers.\n\n### Patches\ncom.powsybl:powsybl-iidm-criteria:6.7.2 and higher\n\n### References\n[powsybl-core v6.7.2](https://github.com/powsybl/powsybl-core/releases/tag/v6.7.2)",
  "id": "GHSA-8qjw-9xgm-c9ff",
  "modified": "2025-06-20T22:20:47Z",
  "published": "2025-06-19T16:19:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/powsybl/powsybl-core/security/advisories/GHSA-8qjw-9xgm-c9ff"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48059"
    },
    {
      "type": "WEB",
      "url": "https://github.com/powsybl/powsybl-core/commit/d8398f689a5ccd505bd62eee2bd6670a29133110"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/powsybl/powsybl-core"
    },
    {
      "type": "WEB",
      "url": "https://github.com/powsybl/powsybl-core/releases/tag/v6.7.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion"
}

GHSA-8R9Q-7V3J-JR4G

Vulnerability from github – Published: 2026-01-05 21:30 – Updated: 2026-07-15 18:32
VLAI
Summary
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
Details

Impact

A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp() function generates a regex pattern with nested quantifiers (([^/]+(?:,[^/]+)*)) for exploded template variables (e.g., {/id*}, {?tags*}), causing catastrophic backtracking on malicious input.

Who is affected: MCP servers that register resource templates with exploded array patterns and accept requests from untrusted clients.

Attack result: An attacker sends a crafted URI via resources/read request, causing 100% CPU utilization, server hang/crash, and denial of service for all clients.

Affected Versions

All versions of @modelcontextprotocol/sdk prior to the patched release.

Patches

v1.25.2 contains b392f02ffcf37c088dbd114fedf25026ec3913d3 the fix modifies the regex pattern to prevent backtracking.

Workarounds

  • Avoid using exploded patterns ({/id*}, {?tags*}) in resource templates
  • Implement request timeouts and rate limiting
  • Validate URIs before processing to reject suspicious patterns
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@modelcontextprotocol/sdk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0"
            },
            {
              "fixed": "1.25.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-0621"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-06T21:20:37Z",
    "nvd_published_at": "2026-01-05T21:16:14Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA ReDoS vulnerability in the `UriTemplate` class allows attackers to cause denial of service. The `partToRegExp()` function generates a regex pattern with nested quantifiers (`([^/]+(?:,[^/]+)*)`) for exploded template variables (e.g., `{/id*}`, `{?tags*}`), causing catastrophic backtracking on malicious input.\n\n**Who is affected:** MCP servers that register resource templates with exploded array patterns and accept requests from untrusted clients.\n\n**Attack result:** An attacker sends a crafted URI via `resources/read` request, causing 100% CPU utilization, server hang/crash, and denial of service for all clients.\n\n### Affected Versions\n\nAll versions of `@modelcontextprotocol/sdk` prior to the patched release.\n\n### Patches\n\nv1.25.2 contains b392f02ffcf37c088dbd114fedf25026ec3913d3 the fix modifies the regex pattern to prevent backtracking.\n\n### Workarounds\n\n- Avoid using exploded patterns (`{/id*}`, `{?tags*}`) in resource templates\n- Implement request timeouts and rate limiting\n- Validate URIs before processing to reject suspicious patterns",
  "id": "GHSA-8r9q-7v3j-jr4g",
  "modified": "2026-07-15T18:32:03Z",
  "published": "2026-01-05T21:30:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-cqwc-fm46-7fff"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0621"
    },
    {
      "type": "WEB",
      "url": "https://github.com/modelcontextprotocol/typescript-sdk/issues/965"
    },
    {
      "type": "WEB",
      "url": "https://github.com/modelcontextprotocol/typescript-sdk/commit/7f0cf730"
    },
    {
      "type": "WEB",
      "url": "https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/modelcontextprotocol/typescript-sdk"
    },
    {
      "type": "WEB",
      "url": "https://github.com/modelcontextprotocol/typescript-sdk/releases/tag/v1.25.2"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/mcp-typescript-sdk-uritemplate-exploded-array-pattern-redos"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Anthropic\u0027s MCP TypeScript SDK has a ReDoS vulnerability"
}

GHSA-8RG4-CVW3-V3C2

Vulnerability from github – Published: 2025-01-07 18:30 – Updated: 2025-01-07 21:30
VLAI
Details

An issue in the validate_email function in CTFd/utils/validators/init.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46242"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-07T16:15:33Z",
    "severity": "HIGH"
  },
  "details": "An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration.",
  "id": "GHSA-8rg4-cvw3-v3c2",
  "modified": "2025-01-07T21:30:55Z",
  "published": "2025-01-07T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46242"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/salvatore-abello/4f01f3fa54672febc0a492a11a26592c"
    },
    {
      "type": "WEB",
      "url": "http://ctfd.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8V8V-G73J-492J

Vulnerability from github – Published: 2026-05-28 17:34 – Updated: 2026-05-28 17:34
VLAI
Summary
Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS
Details

Description

The JsonPath component's match() and search() filter functions compile a caller-supplied pattern straight into preg_match():

'match'  => @preg_match(\sprintf('/^%s$/u', $this->transformJsonPathRegex($argList[1])), $value),
'search' => @preg_match("/{$this->transformJsonPathRegex($argList[1])}/u", $value),

transformJsonPathRegex() only performs cosmetic escaping: there is no length cap, no restriction to the RFC 9485 i-regexp subset, and no bound on backtracking. An application that evaluates an attacker-influenced JSONPath expression server-side (e.g. one taken from a query parameter or API field and passed to JsonCrawler) can therefore be made to run a catastrophic-backtracking pattern such as $[?search(@, "(a+)+$")]. Evaluated against a moderately sized document, this pins a CPU core for seconds per request, so a handful of concurrent requests exhausts the worker pool: a denial of service. Because the preg_match() calls are prefixed with @, the PCRE backtrack-limit errors that would otherwise surface are suppressed, leaving no log trace.

Conditions for exploitation

An application that evaluates an attacker-influenced JSONPath expression containing a match() / search() filter against any non-trivial JSON input.

Resolution

JsonCrawler runs the preg_match() calls through a helper that lowers pcre.backtrack_limit to 10000 for the duration of the call (restoring the previous value afterwards), so a pathological pattern fails fast instead of stalling the worker.

The patch for this issue is available here for branch 7.4.

Credits

Symfony would like to thank Himanshu Anand for reporting the issue and Alexandre Daubois for providing the fix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/json-path"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.3.0"
            },
            {
              "fixed": "7.4.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/json-path"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.3.0"
            },
            {
              "fixed": "7.4.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-28T17:34:55Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Description\n\nThe `JsonPath` component\u0027s `match()` and `search()` filter functions compile a caller-supplied pattern straight into `preg_match()`:\n\n```php\n\u0027match\u0027  =\u003e @preg_match(\\sprintf(\u0027/^%s$/u\u0027, $this-\u003etransformJsonPathRegex($argList[1])), $value),\n\u0027search\u0027 =\u003e @preg_match(\"/{$this-\u003etransformJsonPathRegex($argList[1])}/u\", $value),\n```\n\n`transformJsonPathRegex()` only performs cosmetic escaping: there is no length cap, no restriction to the RFC 9485 i-regexp subset, and no bound on backtracking. An application that evaluates an attacker-influenced JSONPath expression server-side (e.g. one taken from a query parameter or API field and passed to `JsonCrawler`) can therefore be made to run a catastrophic-backtracking pattern such as `$[?search(@, \"(a+)+$\")]`. Evaluated against a moderately sized document, this pins a CPU core for seconds per request, so a handful of concurrent requests exhausts the worker pool: a denial of service. Because the `preg_match()` calls are prefixed with `@`, the PCRE backtrack-limit errors that would otherwise surface are suppressed, leaving no log trace.\n\n### Conditions for exploitation\n\nAn application that evaluates an attacker-influenced JSONPath expression containing a `match()` / `search()` filter against any non-trivial JSON input.\n\n### Resolution\n\n`JsonCrawler` runs the `preg_match()` calls through a helper that lowers `pcre.backtrack_limit` to 10000 for the duration of the call (restoring the previous value afterwards), so a pathological pattern fails fast instead of stalling the worker.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/1ac2d47418ec23066112db1e6ca35be6fe123d14) for branch 7.4.\n\n### Credits\n\nSymfony would like to thank Himanshu Anand for reporting the issue and Alexandre Daubois for providing the fix.",
  "id": "GHSA-8v8v-g73j-492j",
  "modified": "2026-05-28T17:34:55Z",
  "published": "2026-05-28T17:34:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/symfony/symfony/security/advisories/GHSA-8v8v-g73j-492j"
    },
    {
      "type": "WEB",
      "url": "https://github.com/symfony/symfony/commit/1ac2d47418ec23066112db1e6ca35be6fe123d14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/json-path/CVE-2026-45756.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45756.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/symfony/symfony"
    },
    {
      "type": "WEB",
      "url": "https://symfony.com/cve-2026-45756"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Symfony\u0027s JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits \u2014 ReDoS"
}

GHSA-8VJH-PXFW-4FQM

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-10-15 15:30
VLAI
Details

A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take exponential time to execute, leading to a Denial of Service (DoS) condition. An attacker who controls both the regular expression and the search string can exploit this vulnerability to hang the server for an arbitrary amount of time.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12391"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-183"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T10:15:28Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function \u0027\u89e3\u6790\u9879\u76ee\u6e90\u7801\uff08\u624b\u52a8\u6307\u5b9a\u548c\u7b5b\u9009\u6e90\u7801\u6587\u4ef6\u7c7b\u578b\uff09\u0027 permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take exponential time to execute, leading to a Denial of Service (DoS) condition. An attacker who controls both the regular expression and the search string can exploit this vulnerability to hang the server for an arbitrary amount of time.",
  "id": "GHSA-8vjh-pxfw-4fqm",
  "modified": "2025-10-15T15:30:24Z",
  "published": "2025-03-20T12:32:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12391"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/70b3f4f0-6b1b-4563-a18c-fe46502e6ba0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8W9J-HC3G-3G7F

Vulnerability from github – Published: 2026-04-01 23:21 – Updated: 2026-04-06 22:54
VLAI
Summary
PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()
Details

Summary

MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete service outage.

Details

tool_index.py:365 (source) -> tool_index.py:368 (sink)

# source -- query taken directly from caller, no validation
def search_tools(self, query: str) -> List[ToolInfo]:
    import re

# sink -- compiled and applied with no timeout or exception handling
    pattern = re.compile(query, re.IGNORECASE)
    for tool in self.get_all_tools():
        if pattern.search(tool.name) or pattern.search(tool.hint):
            matches.append(tool)

PoC

# tested on: praisonai==1.5.87 (source install)
# install: pip install -e src/praisonai
import sys, time, json
sys.path.insert(0, 'src/praisonai')
from pathlib import Path

mcp_dir = Path.home() / '.praison' / 'mcp' / 'servers' / 'test_server'
mcp_dir.mkdir(parents=True, exist_ok=True)
(mcp_dir / '_index.json').write_text(json.dumps([
    {"name": "a" * 30 + "!", "hint": "a" * 30 + "!", "server": "test_server"}
]))
(mcp_dir / '_status.json').write_text(json.dumps({
    "server": "test_server", "available": True, "auth_required": False,
    "last_sync": time.time(), "tool_count": 1, "error": None
}))

from praisonai.mcp_server.tool_index import MCPToolIndex
index = MCPToolIndex()

start = time.monotonic()
results = index.search_tools("(a+)+$")
print(f"Returned in {time.monotonic() - start:.1f}s")
# expected output: Returned in 376.0s

Impact

A single crafted query blocks the Python thread for hundreds of seconds, causing a complete service outage for the duration. The MCP server HTTP transport runs without an API key by default, making this reachable by any attacker on the network. Repeated requests sustain the DoS indefinitely.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.5.89"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "praisonai"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.5.90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34939"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-01T23:21:08Z",
    "nvd_published_at": "2026-04-03T23:17:06Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\n`MCPToolIndex.search_tools()` compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the `re` engine, blocking the Python thread for hundreds of seconds and causing a complete service outage.\n\n### Details\n\n`tool_index.py:365` (source) -\u003e `tool_index.py:368` (sink)\n```python\n# source -- query taken directly from caller, no validation\ndef search_tools(self, query: str) -\u003e List[ToolInfo]:\n    import re\n\n# sink -- compiled and applied with no timeout or exception handling\n    pattern = re.compile(query, re.IGNORECASE)\n    for tool in self.get_all_tools():\n        if pattern.search(tool.name) or pattern.search(tool.hint):\n            matches.append(tool)\n```\n\n### PoC\n```python\n# tested on: praisonai==1.5.87 (source install)\n# install: pip install -e src/praisonai\nimport sys, time, json\nsys.path.insert(0, \u0027src/praisonai\u0027)\nfrom pathlib import Path\n\nmcp_dir = Path.home() / \u0027.praison\u0027 / \u0027mcp\u0027 / \u0027servers\u0027 / \u0027test_server\u0027\nmcp_dir.mkdir(parents=True, exist_ok=True)\n(mcp_dir / \u0027_index.json\u0027).write_text(json.dumps([\n    {\"name\": \"a\" * 30 + \"!\", \"hint\": \"a\" * 30 + \"!\", \"server\": \"test_server\"}\n]))\n(mcp_dir / \u0027_status.json\u0027).write_text(json.dumps({\n    \"server\": \"test_server\", \"available\": True, \"auth_required\": False,\n    \"last_sync\": time.time(), \"tool_count\": 1, \"error\": None\n}))\n\nfrom praisonai.mcp_server.tool_index import MCPToolIndex\nindex = MCPToolIndex()\n\nstart = time.monotonic()\nresults = index.search_tools(\"(a+)+$\")\nprint(f\"Returned in {time.monotonic() - start:.1f}s\")\n# expected output: Returned in 376.0s\n```\n\n### Impact\n\nA single crafted query blocks the Python thread for hundreds of seconds, causing a complete service outage for the duration. The MCP server HTTP transport runs without an API key by default, making this reachable by any attacker on the network. Repeated requests sustain the DoS indefinitely.",
  "id": "GHSA-8w9j-hc3g-3g7f",
  "modified": "2026-04-06T22:54:16Z",
  "published": "2026-04-01T23:21:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8w9j-hc3g-3g7f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34939"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MervinPraison/PraisonAI"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()"
}

GHSA-8X6C-CV3V-VP6G

Vulnerability from github – Published: 2023-02-11 00:13 – Updated: 2023-02-14 02:40
VLAI
Summary
Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service
Details

This advisory is withdawn.

cacheable-request depends on http-cache-semanttics, which contains an Inefficient Regular Expression Complexity in versions prior to 4.1.1 of that package. cacheable-request has been updated to rely on the fixed version in 10.2.7.

Summary of http-cache-semantics vulnerability

http-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Details

https://github.com/advisories/GHSA-rc47-6667-2j5j

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "cacheable-request"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.2.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-11T00:13:31Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## This advisory is withdawn.\n\ncacheable-request depends on http-cache-semanttics, which contains an Inefficient Regular Expression Complexity in versions prior to 4.1.1 of that package. cacheable-request has been updated to rely on the fixed version in 10.2.7. \n\n### Summary of http-cache-semantics vulnerability\nhttp-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.\n\n### Details\nhttps://github.com/advisories/GHSA-rc47-6667-2j5j\n\n",
  "id": "GHSA-8x6c-cv3v-vp6g",
  "modified": "2023-02-14T02:40:00Z",
  "published": "2023-02-11T00:13:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jaredwray/cacheable-request/security/advisories/GHSA-8x6c-cv3v-vp6g"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jaredwray/cacheable-request/commit/8a47777e4eb61960469873cf4b3a2823742fc15e"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-rc47-6667-2j5j"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jaredwray/cacheable-request"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service",
  "withdrawn": "2023-02-14T02:40:00Z"
}

GHSA-8XWW-X3G3-6JCV

Vulnerability from github – Published: 2023-01-18 18:20 – Updated: 2025-03-31 13:23
VLAI
Summary
ReDoS based DoS vulnerability in Action Dispatch
Details

There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795.

Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1

Impact

A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. Releases

The FIXED releases are available at the normal locations. Workarounds

We recommend that all users upgrade to one of the FIXED versions. In the meantime, users can mitigate this vulnerability by using a load balancer or other device to filter out malicious If-None-Match headers before they reach the application.

Users on Ruby 3.2.0 or greater are not affected by this vulnerability. Patches

To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

6-1-Avoid-regex-backtracking-on-If-None-Match-header.patch - Patch for 6.1 series
7-0-Avoid-regex-backtracking-on-If-None-Match-header.patch - Patch for 7.0 series

Please note that only the 7.0.Z and 6.1.Z series are supported at present, and 6.0.Z for severe vulnerabilities. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionpack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0.beta1"
            },
            {
              "fixed": "6.1.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionpack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-22795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-18T18:20:51Z",
    "nvd_published_at": "2023-02-09T20:15:00Z",
    "severity": "LOW"
  },
  "details": "There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795.\n\nVersions Affected: All Not affected: None Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1\n\nImpact\n\nA specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.\nReleases\n\nThe FIXED releases are available at the normal locations.\nWorkarounds\n\nWe recommend that all users upgrade to one of the FIXED versions. In the meantime, users can mitigate this vulnerability by using a load balancer or other device to filter out malicious If-None-Match headers before they reach the application.\n\nUsers on Ruby 3.2.0 or greater are not affected by this vulnerability.\nPatches\n\nTo aid users who aren\u2019t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    6-1-Avoid-regex-backtracking-on-If-None-Match-header.patch - Patch for 6.1 series\n    7-0-Avoid-regex-backtracking-on-If-None-Match-header.patch - Patch for 7.0 series\n\nPlease note that only the 7.0.Z and 6.1.Z series are supported at present, and 6.0.Z for severe vulnerabilities. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.",
  "id": "GHSA-8xww-x3g3-6jcv",
  "modified": "2025-03-31T13:23:06Z",
  "published": "2023-01-18T18:20:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592"
    },
    {
      "type": "WEB",
      "url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rails/rails"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml"
    },
    {
      "type": "WEB",
      "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "ReDoS based DoS vulnerability in Action Dispatch"
}

GHSA-9242-6P36-6256

Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2023-10-30 19:58
VLAI
Summary
Inefficient Regular Expression Complexity in node-email-check
Details

ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "node-email-check"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-39619"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-30T19:58:53Z",
    "nvd_published_at": "2023-10-25T18:17:29Z",
    "severity": "HIGH"
  },
  "details": "ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component.\n\n",
  "id": "GHSA-9242-6p36-6256",
  "modified": "2023-10-30T19:58:53Z",
  "published": "2023-10-25T18:32:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39619"
    },
    {
      "type": "WEB",
      "url": "https://github.com/teomantuncer/node-email-check/issues/2"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/6en6ar/712a4c1eab0324f15e09232c77ea08f8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/teomantuncer/node-email-check"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/node-email-check"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Inefficient Regular Expression Complexity in node-email-check"
}

GHSA-9356-575X-2W9M

Vulnerability from github – Published: 2025-08-06 12:31 – Updated: 2025-08-06 18:15
VLAI
Summary
Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability
Details

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the convert_tf_weight_name_to_pt_weight_name() function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /[^/]*___([^/]*)/ that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "transformers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.53.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-5197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-06T18:15:19Z",
    "nvd_published_at": "2025-08-06T12:15:26Z",
    "severity": "MODERATE"
  },
  "details": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats.",
  "id": "GHSA-9356-575x-2w9m",
  "modified": "2025-08-06T18:15:19Z",
  "published": "2025-08-06T12:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5197"
    },
    {
      "type": "WEB",
      "url": "https://github.com/huggingface/transformers/commit/701caef704e356dc2f9331cc3fd5df0eccb4720a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/huggingface/transformers/commit/944b56000be5e9b61af8301aa340838770ad8a0b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/huggingface/transformers"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/3f8b3fd0-166b-46e7-b60f-60dd9d2678bf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability"
}

Mitigation
Architecture and Design

Use regular expressions that do not support backtracking, e.g. by removing nested quantifiers.

Mitigation
System Configuration

Set backtracking limits in the configuration of the regular expression implementation, such as PHP's pcre.backtrack_limit. Also consider limits on execution time for the process.

Mitigation
Implementation

Do not use regular expressions with untrusted input. If regular expressions must be used, avoid using backtracking in the expression.

Mitigation
Implementation

Limit the length of the input that the regular expression will process.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.