Описание
Uncontrolled Resource Consumption in ansi-html
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.
Ссылки
- https://github.com/ioet/time-tracker-ui/security/advisories/GHSA-4fjc-8q3h-8r69
- https://nvd.nist.gov/vuln/detail/CVE-2021-23424
- https://github.com/Tjatse/ansi-html/issues/19
- https://github.com/Tjatse/ansi-html/commit/8142b25bca3133ea060bcc1889277dc482327a63
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567198
- https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849
Пакеты
Наименование
ansi-html
npm
Затронутые версииВерсия исправления
< 0.0.8
0.0.8
Связанные уязвимости
CVSS3: 7.5
redhat
почти 5 лет назад
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.
CVSS3: 7.5
nvd
больше 4 лет назад
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.