2 matches found
theo (>=6.0.0-alpha.7 <=6.0.0-beta.7) potentially affected by CVE-2017-16099 via no-case (=2.3.1)
no-case NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on no-case and may be impacted: - theo =6.0.0-alpha.7, =6.0.0-beta.7 Source cves: CVE-2017-16099 Source advisory: OSV:GHSA-FF6R-5JWM-8292...
CVE-2017-16099
The CVE-2017-16099 entry concerns the nodejs-no-case (no-case) module, which is vulnerable to a regular expression denial of service (ReDoS). The underlying issue arises when untrusted user input is parsed by no-case, causing the event loop to block and potentially impacting availability. Public ...