Описание
Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Mobile Application Platform 4 | fh-mbaas | Not affected | ||
| Red Hat OpenShift Enterprise 3 | nodejs-decamelize | Not affected | ||
| Red Hat Software Collections | rh-nodejs8-nodejs | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1445292nodejs-decamelize: Regular expression Denial-of-Service
EPSS
Процентиль: 55%
0.00328
Низкий
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
больше 7 лет назад
Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.
CVSS3: 7.5
debian
больше 7 лет назад
Decamelize is used to convert a dash/dot/underscore/space separated st ...
CVSS3: 7.5
github
больше 7 лет назад
Regular Expression Denial of Service in decamelize
EPSS
Процентиль: 55%
0.00328
Низкий
7.5 High
CVSS3