2 matches found
@chenng/recognition (=1.0.0), @evelaguti/uberocr (>=0.0.1 <=0.0.3) +71 more potentially affected by CVE-2018-25079 via is-url (>=0.1.0 <=1.2.2)
is-url NPM version =0.1.0, =0.0.1, =1.0.1, =0.4.0, =0.1.1, =0.1.0, =0.0.4, =0.0.1, =1.0.5, =0.4.0, =0.4.0, =0.1.0, =0.1.4 and more Source cves: CVE-2018-25079 Source advisory: OSV:GHSA-P9W8-2MPQ-49H9...
CVE-2018-25079
The CVE-2018-25079 entry concerns Segmentio is-url up to version 1.2.2. The issue is in an unknown function within index.js that causes inefficient regular expression complexity (redos). Impact is remote exploitation with potential denial of service risk (high availability impact) as per the CVSS...