Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-MVMF-CVFX-QG55
HistorySep 01, 2020 - 3:16 p.m.

Regular Expression Denial of Service in bleach

2020-09-0115:16:43
CWE-400
GitHub Advisory Database
github.com
11
JSON

All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function.

Recommendation

The bleach package is not currently maintained, and has not seen an update since 2014.

To mitigate this issue, it is necessary to use an alternative module that is actively maintained and provides similar functionality. There are multiple modules fitting this criteria available on npm..

CPENameOperatorVersion
bleachge0.0.0

Related

cve 1
osv 1
nodejs 1
cve
cve
CVE-2014-8881
2022-02-25 08:28:45
osv
osv
Regular Expression Denial of Service in bleach
2020-09-01 15:16:43
nodejs
nodejs
Regular Expression Denial of Service
2015-10-24 17:38:43
JSON
Related for GHSA-MVMF-CVFX-QG55
cve1osv1nodejs1