Описание
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
A flaw was found in the npm library trim where a specifically crafted input can cause a regular expression to take an abnormal amount of time to compute. All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) [DNP] via trim().
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-185
https://bugzilla.redhat.com/show_bug.cgi?id=1891860nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function
7.5 High
CVSS3
7.5 High
CVSS3