4 matches found
EUVD-2025-29527
Malicious code in bioql PyPI...
GHSA-XFFM-G5W8-QVG7 @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser
Summary The ConfigCommentParserparseJSONLikeConfig API is vulnerable to a Regular Expression Denial of Service ReDoS attack in its only argument. Details The regular expression at packages/plugin-kit/src/config-comment-parser.js:158 is vulnerable to a quadratic runtime attack because the grouped...
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser
Summary The ConfigCommentParserparseJSONLikeConfig API is vulnerable to a Regular Expression Denial of Service ReDoS attack in its only argument. Details The regular expression at packages/plugin-kit/src/config-comment-parser.js:158 is vulnerable to a quadratic runtime attack because the grouped...
GHSA-7Q7G-4XM8-89CQ Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Crafting a very large and well crafted string can increase the CPU usage and crash the program. POC js const ConfigCommentParser = require"@eslint/plugin-kit"; var str = ""; for var i = 0; i 1000000; i++ str += " "; str += "A"; console.log"start" var parser = new ConfigCommentParser;...