A regular expression denial of service (ReDoS) flaw was found in the @progfay/scrapbox-parser package for Node.js in versions before 6.0.3 and 7.0.2.
An attacker who is able to have specially crafted text parsed may cause the application to consume an excessive amount of CPU.
Upgrade to version 6.0.3, 7.0.2 or later.
Avoid parsing text with a lot of [ chars.
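As an added example (not code from this advisory or from the package), the following JavaScript gate applies the workaround above only when the installed version falls in the affected ranges this advisory lists. The budget of 200 `[` characters, the function names and the caller-supplied parse function are assumptions to adapt.

```javascript
// Added example, not code from @progfay/scrapbox-parser.
// Affected ranges come from the advisory: < 6.0.3, and >= 7.0.0 but < 7.0.2.
const FIXED_6 = [6, 0, 3];
const FIRST_7 = [7, 0, 0];
const FIXED_7 = [7, 0, 2];

// Assumption: a tunable budget; the advisory gives no number.
const MAX_OPEN_BRACKETS = 200;

// Parse "MAJOR.MINOR.PATCH"; pre-release and build suffixes are ignored.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new TypeError(`not a semantic version: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Three-way comparison of two [major, minor, patch] triples.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffectedVersion(version) {
  const v = parseVersion(version);
  if (compare(v, FIXED_6) < 0) return true;
  return compare(v, FIRST_7) >= 0 && compare(v, FIXED_7) < 0;
}

// Linear scan, no regular expression involved.
function countOpenBrackets(text) {
  let n = 0;
  for (let i = 0; i < text.length; i++) {
    if (text.charCodeAt(i) === 0x5b) n++;
  }
  return n;
}

// Wrap any parse function; on affected versions reject input over budget.
function guardedParse(parseFn, installedVersion, text, limit = MAX_OPEN_BRACKETS) {
  if (isAffectedVersion(installedVersion)) {
    const n = countOpenBrackets(text);
    if (n > limit) throw new RangeError(`input has ${n} '[' characters (limit ${limit})`);
  }
  return parseFn(text);
}
```

Pass the installed version string (for example, the `version` field read from the package's `package.json`) and the parser function you already call; once the dependency is upgraded the gate becomes a pass-through.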
If you have any questions or comments about this advisory:
| CPE | Name | Operator | Version |
|---|---|---|---|
| | @progfay/scrapbox-parser | ge | 7.0.0 |
| | @progfay/scrapbox-parser | lt | 6.0.3 |
| | @progfay/scrapbox-parser | lt | 7.0.2 |