CVE-2022-36034

Опубликовано: 29 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of {{ and with many repetitions of {{|. This issue has been patched in all versions above 0.2.5. There are currently no known workarounds.

Ссылки

https://github.com/cainthebest/nitrado.js/blob/v0.2.5/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/cainthebest/nitrado.js/security/advisories/GHSA-vqc4-v8hc-h2jg
Third Party Advisory
https://github.com/cainthebest/nitrado.js/blob/v0.2.5/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/cainthebest/nitrado.js/security/advisories/GHSA-vqc4-v8hc-h2jg
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nitrado.js_project:nitrado.js:*:*:*:*:*:node.js:*:*

Версия до 0.2.5 (исключая)

EPSS

Процентиль: 54%

0.00317

Низкий

7.5 High

CVSS3

Дефекты

CWE-400

CWE-1333

Связанные уязвимости

GHSA-vqc4-v8hc-h2jg