3 matches found
@abtnode/mongoose-nedb (=1.0.16), @alma/widgets (>=4.0.0 <=4.3.8) +271 more potentially affected by CVE-2018-13863 via bson (>=0.5.2 <=1.0.4)
bson NPM version =0.5.2, =4.0.0, =0.2.4, =0.2.4, =0.0.0, =0.4.1, =0.3.0, =0.2.0, =0.3.0, =0.3.0, =0.2.0, =0.0.1, =1.6.3-ml, =0.3.0, =0.0.1, =0.0.3 and more Source cves: CVE-2018-13863 Source advisory: OSV:GHSA-8462-Q7X7-G2X4...
CVE-2018-13863
The MongoDB bson JavaScript module also known as js-bson versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service ReDoS in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString function is called to parse a long untrusted string...
CVE-2018-13863
The vulnerability concerns the MongoDB bson JavaScript module (js-bson). Versions 0.5.0 through before 1.0.5 are susceptible to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js when Decimal128.fromString() parses a long, untrusted string. This is the concrete root cause as...