2 matches found
react-icons (>=0.2.0 <=0.2.1) potentially affected by CVE-2017-16023 via decamelize (=1.1.1)
decamelize NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on decamelize and may be impacted: - react-icons =0.2.0, =0.2.1 Source cves: CVE-2017-16023 Source advisory: OSV:GHSA-Q5C4-39F5-M68J...
CVE-2017-16023
CVE-2017-16023 affects the decamelize library (versions 1.1.0–1.1.1). The root cause is the use of regular expressions to validate input containing unescaped separators (dash/dot/underscore/space) when converting to camelCase, which can be exploited to cause a denial of service. Relevant entries ...