Lucene search
PRIOn knowledge basePRION:CVE-2021-43838HistoryDec 17, 2021 - 7:15 p.m.
Code injection
2021-12-1719:15:00
PRIOn knowledge base
www.prio-n.com
4
0.001 Low
EPSS
Percentile
38.1%
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into <blockquote> tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible.
Related
cvelist
cvelist
nvd
nvd
CVE-2021-43838
2021-12-17 19:15:07
CVE-2021-43843
2021-12-20 22:15:07
cve
cve
CVE-2021-43838
2021-12-17 19:15:07
CVE-2021-43843
2021-12-20 22:15:07
github
github
Regular Expression Denial of Service (ReDoS) in jsx-slack
2021-12-17 19:59:02
jsx-slack insufficient patch for CVE-2021-43838 ReDoS
2022-01-06 18:34:18
osv
osv
CVE-2021-43838
2021-12-17 19:15:07
jsx-slack insufficient patch for CVE-2021-43838 ReDoS
2022-01-06 18:34:18
Regular Expression Denial of Service (ReDoS) in jsx-slack
2021-12-17 19:59:02
prion
prion
Design/Logic Flaw
2021-12-20 22:15:00