Описание
The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition.
A flaw was found in nodejs-no-case, where the no-case module is vulnerable to a regular expression denial of service. This issue occurs when malicious untrusted user input is passed into no-case and blocks the event loop, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Отчет
Red Hat Quay imports nodejs-no-case as a build time dependency of html-loader. Nodejs-no-case is only used as build time, and not at runtime.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Quay 3 | quay/quay-rhel8 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition.
Regular Expression Denial of Service in no-case
EPSS
7.5 High
CVSS3