Description
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
References
- Broken Link
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Patch, Third Party Advisory
- Exploit, Patch, Third Party Advisory
Vulnerable configurations
Configuration 1
Version before 4.8.1 (excluding)
Version from 5.0.0 (including) up to 5.14.2 (excluding)
One of
cpe:2.3:a:terser:terser:*:*:*:*:*:node.js:*:*
cpe:2.3:a:terser:terser:*:*:*:*:*:node.js:*:*
EPSS
Percentile: 83%
0.01993 (Low)
CVSS3: 5.3 Medium
CVSS3: 7.5 High
Weaknesses
CWE-1333
Related vulnerabilities
CVSS3: 5.3
ubuntu
almost 3 years ago
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
CVSS3: 7.5
redhat
almost 3 years ago
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
CVSS3: 5.3
debian
almost 3 years ago
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vuln ...
CVSS3: 7.5
github
almost 3 years ago
Terser insecure use of regular expressions leads to ReDoS