Описание
Regular Expression Denial of Service in trim
All versions of package trim lower than 0.0.3 are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-7753
- https://github.com/component/trim/pull/8
- https://github.com/component/trim
- https://github.com/component/trim/blob/master/index.js
- https://github.com/component/trim/blob/master/index.js%23L6
- https://lists.apache.org/thread.html/r10faad1ef9166d37a1a5c9142b1af7099b8ecdc5ad05c51b8ea993d9@%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/r51ff3c2a4c7b8402f321eae7e624672cc2295c7bc8c12c8b871f6b0b@%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/r75b8d0b88833d7d96afcdce3ead65e212572ead4e7a9f34d21040196@%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/rb8462df3b6484e778905c09cd49a8912e1a302659860017ebe36da03@%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/rcc7c2865a52b544a8e49386c6880e9b9ab29bfce1052b5569d09ee4a@%3Ccommits.airflow.apache.org%3E
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1022132
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038
Пакеты
Наименование
trim
npm
Затронутые версииВерсия исправления
< 0.0.3
0.0.3
Связанные уязвимости
CVSS3: 7.5
redhat
почти 5 лет назад
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
CVSS3: 7.5
nvd
почти 5 лет назад
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
CVSS3: 7.5
fstec
почти 5 лет назад
Уязвимость функции trim() пакета trim, позволяющая нарушителю вызвать отказ в обслуживании
