4 matches found
GHSA-6CHW-6FRG-F759 Regular Expression Denial of Service in Acorn
Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /x-\ud800/u causes the parser to enter an infinite loop. The string is not valid UTF-16, which usually results in it being sanitized before reaching the parser. If an application processes...
@21epub/resource-lib (>=1.0.0 <=1.0.3), @alex_xu/xdb (=0.1.0-snapshot.41) +260 more potentially affected by unknown CVE via acorn (>=6.0.0 <=6.4.0)
acorn NPM version =6.0.0, =1.0.0, =2018.10.14-0, =2018.10.14-0, =0.8.0, =4.0.0-alpha.0, =4.0.0, =0.0.1, =0.1.0, =1.0.0, =3.0.0, =12.1.0, =0.1.6, =1.0.0, =1.1.8 and more Source cves: unknown CVE Source advisory: OSV:GHSA-6CHW-6FRG-F759...
@adhd/reverse (>=0.0.1 <=0.1.7), @ambroseus/tsdx (>=0.12.4 <=0.12.5) +64 more potentially affected by unknown CVE via acorn (>=7.0.0 <=7.1.0)
acorn NPM version =7.0.0, =0.0.1, =0.12.4, =0.12.2, =3.4.1, =0.0.1-alpha.1, =0.0.0, =0.0.0, =0.0.0, =0.1.1, =0.2.0, =0.0.1, =1.0.44, =1.0.4, =1.1.8-7, =1.0.4, =1.0.7 and more Source cves: unknown CVE Source advisory: OSV:GHSA-6CHW-6FRG-F759...
Regular Expression Denial of Service
Overview: Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /x-\ud800/u causes the parser to enter an infinite loop. The string is not valid UTF-16, which usually results in it being sanitized before reaching the parser. If an application...