4 matches found
@21epub/resource-lib (>=1.0.0 <=1.0.3), @alex_xu/xdb (=0.1.0-snapshot.41) +259 more potentially affected by unknown CVE via acorn (>=6.0.0 <=6.4.0)
acorn NPM version =6.0.0, =1.0.0, =2018.10.14-0, =2018.10.14-0, =0.8.0, =4.0.0-alpha.0, =4.0.0, =0.0.1, =0.1.0, =1.0.0, =3.0.0, =12.1.0, =0.1.6, =1.0.0, =1.1.8 and more; Source CVEs: unknown CVE; Source advisory: OSV:GHSA-6CHW-6FRG-F759...
@adhd/reverse (>=0.0.1 <=0.1.7), @ambroseus/tsdx (>=0.12.4 <=0.12.5) +64 more potentially affected by unknown CVE via acorn (>=7.0.0 <=7.1.0)
acorn NPM version =7.0.0, =0.0.1, =0.12.4, =0.12.2, =3.4.1, =0.0.1-alpha.1, =0.0.0, =0.0.0, =0.0.0, =0.1.1, =0.2.0, =0.0.1, =1.0.44, =1.0.4, =1.1.8-7, =1.0.4, =1.0.7 and more; Source CVEs: unknown CVE; Source advisory: OSV:GHSA-6CHW-6FRG-F759...
GHSA-6CHW-6FRG-F759 Regular Expression Denial of Service in Acorn
Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /x-\ud800/u causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. If an application processes...
Regular Expression Denial of Service
Overview: Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /x-\ud800/u causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. If an application...