exploitDog

CVE-2017-16115

Опубликовано: 07 июн. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.

Ссылки

https://github.com/indexzero/TimeSpan.js/issues/10
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/533
Third Party Advisory
https://github.com/indexzero/TimeSpan.js/issues/10
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/533
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:timespan_project:timespan:*:*:*:*:*:node.js:*:*

EPSS

Процентиль: 51%

0.0028

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

CWE-400

Связанные уязвимости

GHSA-f523-2f5j-gfcg

CVSS3: 7.5

github

больше 7 лет назад

Regular Expression Denial of Service in timespan

EPSS

Процентиль: 51%

0.0028

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

CWE-400