Lucene search
GoogleOSV:GHSA-9FHW-R42P-5C7RHistoryMar 01, 2021 - 8:44 p.m.
Regular expression Denial of Service in @progfay/scrapbox-parser
2021-03-0120:44:44
Google
osv.dev
6
0.002 Low
EPSS
Percentile
55.4%
Impact
A Regular expression Denial of Service flaw was found in the @progfay/scrapbox-parser package before 6.0.3, 7.0.2 for Node.js.
The attacker that is able to be parsed a specially crafted text may cause the application to consume an excessive amount of CPU.
Patches
Upgrade to version 6.0.3, 7.0.2 or later.
Workarounds
Avoid to parse text with a lot of [ chars.
References
- https://github.com/progfay/scrapbox-parser/pull/519
- https://github.com/progfay/scrapbox-parser/pull/539
- https://github.com/progfay/scrapbox-parser/pull/540
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27405
- https://snyk.io/vuln/SNYK-JS-PROGFAYSCRAPBOXPARSER-1076803
For more information
If you have any questions or comments about this advisory:
- Open an issue in github.com/progfay/scrapbox-parser
| CPE | Name | Operator | Version |
|---|---|---|---|
| @progfay/scrapbox-parser | ge | 7.0.0 | |
| @progfay/scrapbox-parser | lt | 6.0.3 | |
| @progfay/scrapbox-parser | lt | 7.0.2 |
Related
github
github
Regular expression Denial of Service in @progfay/scrapbox-parser
2021-03-01 20:44:44
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-02-22 04:05:27
nvd
nvd
CVE-2021-27405
2021-02-19 05:15:19
nodejs
nodejs
Regular Expression Denial of Service
2021-03-01 20:54:05
prion
prion
Design/Logic Flaw
2021-02-19 05:15:00
cve
cve
CVE-2021-27405
2021-02-19 05:15:19
cvelist
cvelist
CVE-2021-27405
2021-02-19 04:03:48