Description
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic in HTML comment removal.
Vulnerable configurations
Configuration 1: versions before 2.7.1 (excluding)
cpe:2.3:a:apostrophecms:sanitize-html:*:*:*:*:*:node.js:*:*
EPSS
Percentile: 46%
Score: 0.00231
Low
CVSS3: 5.3 Medium
CVSS3: 7.5 High
Weaknesses
CWE-1333
Related vulnerabilities
- ubuntu, CVSS3: 5.3, more than 3 years ago: The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic in HTML comment removal.
- redhat, CVSS3: 5.3, more than 3 years ago: The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic in HTML comment removal.
- debian, CVSS3: 5.3, more than 3 years ago: The package sanitize-html before 2.7.1 is vulnerable to Regular Expre ...