CVE-2021-33623

Опубликовано: 28 мая 2021

Источник: debian

Описание

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-trim-newlines	fixed	3.0.0+~3.0.0-1		package
node-trim-newlines	fixed	3.0.0-1+deb11u1	bullseye	package
node-trim-newlines	end-of-life		stretch	package

Примечания

https://github.com/advisories/GHSA-7p7h-4mm5-852v
https://github.com/sindresorhus/trim-newlines/commit/25246c6ce5eea1c82d448998733a6302a4350d91 (v4.0.1)
https://github.com/sindresorhus/trim-newlines/commit/b10d5f4afef832b16bc56d49fc52c68cbd403869 (v3.0.1)

Связанные уязвимости

CVE-2021-33623

CVSS3: 7.5

ubuntu

больше 4 лет назад

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

CVE-2021-33623

CVSS3: 7.5

redhat

больше 4 лет назад

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

CVE-2021-33623

CVSS3: 7.5

nvd

больше 4 лет назад

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

GHSA-7p7h-4mm5-852v

CVSS3: 7.5

github

больше 4 лет назад

Uncontrolled Resource Consumption in trim-newlines