Описание
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process.
Ссылки
- Broken LinkThird Party Advisory
- PatchThird Party Advisory
- Broken LinkThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- Broken LinkThird Party Advisory
- PatchThird Party Advisory
- Broken LinkThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.1 (исключая)
cpe:2.3:a:html-parse-stringify_project:html-parse-stringify:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 53%
0.00301
Низкий
4.8 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 5.3
redhat
почти 5 лет назад
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process.
CVSS3: 5.3
github
почти 5 лет назад
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
EPSS
Процентиль: 53%
0.00301
Низкий
4.8 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-Other