CVE-2017-16023

Опубликовано: 04 июн. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.

Ссылки

https://github.com/sindresorhus/decamelize/issues/5
Third Party Advisory
https://nodesecurity.io/advisories/308
Third Party Advisory
https://github.com/sindresorhus/decamelize/issues/5
Third Party Advisory
https://nodesecurity.io/advisories/308
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:decamelize_project:decamelize:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:decamelize_project:decamelize:1.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00328

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

CWE-20

Связанные уязвимости

CVE-2017-16023

CVSS3: 7.5

redhat

около 10 лет назад

CVE-2017-16023

CVSS3: 7.5

debian

больше 7 лет назад

Decamelize is used to convert a dash/dot/underscore/space separated st ...

GHSA-q5c4-39f5-m68j

CVSS3: 7.5

github

больше 7 лет назад

Regular Expression Denial of Service in decamelize

EPSS

Процентиль: 55%

0.00328

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

CWE-20