5 matches found
Denial of Service
Overview The package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces. Recommendation Upgrade to version 2.2.4 or later References - CVE - GitHub Advisory...
@abbott-platform/abbott-framework (>=1.6.0 <=1.6.7), @abbott-platform/api-ai-botkit (>=1.5.3 <=1.5.4) +636 more potentially affected by CVE-2021-23371 via chrono-node (>=0.0.3 <=2.2.3)
chrono-node NPM version =0.0.3, =1.6.0, =1.5.3, =0.2.0, =1.3.0, =0.3.0, =3.1.0, =1.0.0, =4.0.0, =0.0.4, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =0.2.3 and more Source cves: CVE-2021-23371 Source advisory: OSV:GHSA-HPMR-G4PQ-JHGP...
CVE-2021-23371
The CVE-2021-23371 issue affects the npm package chrono-node prior to version 2.2.4, where parsing date-like strings containing a large number of embedded spaces can cause the application to hang. Public advisories and references (GitHub advisory GHSA-hpmr-g4pq-jhgp, OSV, CNVD/CNNVD entries, and ...
CVE-2021-23371
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...
@metascraper/helpers (>=5.12.14 <=5.21.0), @urlint/core (>=1.9.14 <=1.9.17) +61 more potentially affected by CVE-2021-23371 via chrono-node (>=2.0.2 <=2.2.3)
chrono-node NPM version =2.0.2, =5.12.14, =1.9.14, =1.0.0, =1.24.76, =1.24.76, =1.24.76, =1.32.40, =1.24.76, =1.24.76, =1.24.76, =1.24.76, =1.24.76, =1.32.47-alpha.0, =1.24.76, =1.24.76, =1.32.83 and more Source cves: CVE-2021-23371 Source advisory: SNYK:JS-CHRONONODE-1083228...