Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nodejsAdam BaldwinNODEJS:47
HistoryOct 24, 2015 - 5:38 p.m.

Regular Expression Denial of Service

2015-10-2417:38:43
Adam Baldwin
www.npmjs.com
15
JSON

Overview

All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function.

Recommendation

The bleach package is not currently maintained, and has not seen an update since 2014.

To mitigate this issue, it is necessary to use an alternative module that is actively maintained and provides similar functionality. There are multiple modules fitting this criteria available on npm..

References

GitHub Advisory

CPENameOperatorVersion
bleachge0.0.0

Related

cve 1
github 1
osv 1
cve
cve
CVE-2014-8881
2022-02-25 08:28:45
github
github
Regular Expression Denial of Service in bleach
2020-09-01 15:16:43
osv
osv
Regular Expression Denial of Service in bleach
2020-09-01 15:16:43
JSON
Related for NODEJS:47
cve1github1osv1