2 matches found
CVE-2017-16115
The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds...
Regular Expression Denial Of Service (ReDoS)
braces is vulnerable to Regular expression Denial of Service ReDoS. parser.js uses regular expression ^\,+?:\,+\,|,?:\,+\,+\ to detects empty braces, consuming 10 seconds matching time for data 50K characters long...