CVE-2023-25166

Published: 08 Feb 2023
Source: nvd
CVSS3: 5.5
CVSS3: 6.5
EPSS: Low

Description

formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability.

Vulnerable configurations

Configuration 1
cpe:2.3:a:hapi:formula:*:*:*:*:*:node.js:*:*
Versions before 3.0.1 (exclusive)

EPSS

Percentile: 78%
0.01086
Low

5.5 Medium

CVSS3

6.5 Medium

CVSS3

Weaknesses

CWE-1333

Related vulnerabilities

CVSS3: 6.5
redhat
almost 3 years ago

formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability.

CVSS3: 5.5
github
almost 3 years ago

@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability
