EUVD-2021-1106

Malware in sbrugna...

Denial of Service

Overview The package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces. Recommendation Upgrade to version 2.2.4 or later References - CVE - GitHub Advisory...

@abbott-platform/abbott-framework (>=1.6.0 <=1.6.7), @abbott-platform/api-ai-botkit (>=1.5.3 <=1.5.4) +657 more potentially affected by CVE-2021-23371 via chrono-node (>=0.0.3 <=2.2.3)

chrono-node NPM version =0.0.3, =1.6.0, =1.5.3, =0.2.0, =1.3.0, =0.3.0, =3.1.0, =1.0.0, =4.0.0, =0.0.4, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =0.2.3 and more Source cves: CVE-2021-23371 Source advisory: OSV:GHSA-HPMR-G4PQ-JHGP...

Denial of service in chrono-node

This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...

GHSA-HPMR-G4PQ-JHGP Denial of service in chrono-node

This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...

Denial Of Service (DoS)

chrono-node is vulnerable to denial of service DoS. The vulnerability exists due to catastrophic backtracking in the regex matching, due to embedded spaces in the parseTimeUnits function...

Unspecified vulnerability in Npm chrono-node

Npm chrono-node is an application from Npm USA. Used to handle most date/time formats and extract information from any given text. A security vulnerability exists in Chrono-node prior to version 2.2.4, which stems from the program hanging on date-like strings with a large number of embedded space...

CVE-2021-23371

This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...

CVE-2021-23371

This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...

CVE-2021-23371

The CVE-2021-23371 issue affects the npm package chrono-node prior to version 2.2.4, where parsing date-like strings containing a large number of embedded spaces can cause the application to hang. Public advisories and references (GitHub advisory GHSA-hpmr-g4pq-jhgp, OSV, CNVD/CNNVD entries, and ...

CVE-2021-23371 Regular Expression Denial of Service (ReDoS)

This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...

CVE-2021-23371

This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...

Npm chrono-node 安全漏洞

Npm chrono-node is an application from Npm USA. Used to handle most date/time formats and extract information from any given text. A security vulnerability exists in Chrono-node prior to version 2.2.4, which stems from the program hanging on date-like strings with a large number of embedded space...

Regular Expression Denial of Service (ReDoS)

Overview chrono-node is an A natural language date parser in Javascript Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. It hangs on a date-like string with lots of embedded spaces. Details Denial of Service DoS describes a family of attacks, all aim...

@metascraper/helpers (>=5.12.14 <=5.21.0), @urlint/core (>=1.9.14 <=1.9.17) +61 more potentially affected by CVE-2021-23371 via chrono-node (>=2.0.2 <=2.2.3)

chrono-node NPM version =2.0.2, =5.12.14, =1.9.14, =1.0.0, =1.24.76, =1.24.76, =1.24.76, =1.32.40, =1.24.76, =1.24.76, =1.24.76, =1.24.76, =1.24.76, =1.32.47-alpha.0, =1.24.76, =1.24.76, =1.32.83 and more Source cves: CVE-2021-23371 Source advisory: SNYK:JS-CHRONONODE-1083228...