Description
Polynomial regular expression used on uncontrolled data in nitrado.js
Impact
Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`.
Patches
Patched in all versions above 0.2.5
Workarounds
No known workarounds.
References
- OWASP: Regular expression Denial of Service - ReDoS.
- Wikipedia: ReDoS.
- Wikipedia: Time complexity.
- James Kirrage, Asiri Rathnayake, Hayo Thielecke: Static Analysis for Regular Expression Denial-of-Service Attack.
- Common Weakness Enumeration: CWE-1333.
- Common Weakness Enumeration: CWE-400.
Packages
Name: nitrado.js (npm)
Affected versions: < 0.2.5
Fixed version: 0.2.5
Related vulnerabilities
CVSS3: 7.5
nvd
more than 3 years ago
nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds.