Lucene search
GoogleOSV:CVE-2021-43838HistoryDec 17, 2021 - 7:15 p.m.
CVE-2021-43838
2021-12-1719:15:07
Google
osv.dev
3
0.002 Low
EPSS
Percentile
61.1%
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into <blockquote> tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible.
Related
cve
cve
CVE-2021-43843
2021-12-20 22:15:07
CVE-2021-43838
2021-12-17 19:15:07
osv
osv
jsx-slack insufficient patch for CVE-2021-43838 ReDoS
2022-01-06 18:34:18
Regular Expression Denial of Service (ReDoS) in jsx-slack
2021-12-17 19:59:02
CVE-2021-43843
2021-12-20 22:15:07
nvd
nvd
CVE-2021-43843
2021-12-20 22:15:07
CVE-2021-43838
2021-12-17 19:15:07
prion
prion
Design/Logic Flaw
2021-12-20 22:15:00
Code injection
2021-12-17 19:15:00
cvelist
cvelist
github
github
jsx-slack insufficient patch for CVE-2021-43838 ReDoS
2022-01-06 18:34:18
Regular Expression Denial of Service (ReDoS) in jsx-slack
2021-12-17 19:59:02
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-12-21 04:26:09