Lucene search
GoogleOSV:GHSA-Q75G-2496-MXPPHistoryJul 24, 2018 - 8:11 p.m.
Regular Expression Denial of Service in parsejson
2018-07-2420:11:13
Google
osv.dev
6
EPSS
0.001
Percentile
45.5%
Affected versions of parsejson are vulnerable to a regular expression denial of service when parsing untrusted user input.
Recommendation
The parsejson package has not been functionally updated since it was initially released.
Additionally, it provides functionality which is natively included in Node.js, and therefore the native JSON.parse() should be used, for both performance and security reasons.
Related
nodejs
nodejs
Regular Expression Denial of Service
2017-09-08 20:43:02
cvelist
cvelist
CVE-2017-16113
2018-06-07 02:00:00
redhatcve
redhatcve
CVE-2017-16113
2019-08-15 04:52:23
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2017-09-22 08:07:50
nvd
nvd
CVE-2017-16113
2018-06-07 02:29:02
cve
cve
CVE-2017-16113
2018-06-07 02:29:02
prion
prion
Input validation
2018-06-07 02:29:00
github
github
Regular Expression Denial of Service in parsejson
2018-07-24 20:11:13