Количество 2
Количество 2
CVE-2021-23354
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
GHSA-xfhp-gmh8-r8v2
printf vulnerable to Regular Expression Denial of Service (ReDoS)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-23354 The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity. | CVSS3: 5.3 | 0% Низкий | почти 5 лет назад |
| GHSA-xfhp-gmh8-r8v2 printf vulnerable to Regular Expression Denial of Service (ReDoS) | CVSS3: 7.5 | 0% Низкий | почти 5 лет назад |
Уязвимостей на страницу