OSV:GHSA-JXQQ-CQM6-PFQ9
Jul 24, 2018 - 8:06 p.m.

Regular Expression Denial of Service in slug

2018-07-24 20:06:45
Google
osv.dev

EPSS: 0.001 (Low), Percentile: 43.2%

Affected versions of slug are vulnerable to a regular expression denial of service when parsing untrusted user input.

The issue is low severity, as it takes about 50,000 characters to cause the event loop to block for 2 seconds.

Recommendation

Update to version 0.9.2 or later.

CPE    Name    Operator    Version
       slug    lt          0.9.2
