Lucene search
+L

6 matches found

Github Security Blog
Github Security Blog
added 2022/01/06 6:34 p.m.56 views

jsx-slack insufficient patch for CVE-2021-43838 ReDoS

We found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient to save from Regular Expression Denial of Service ReDoS attack. This vulnerability affects to jsx-slack v4.5.1 and earlier versions. Impact If attacker can put a lot of JSX elements into tag with including multibyte...

7.5CVSS1.6AI score0.01916EPSS
Exploits2References6Affected Software1
Prion
Prion
added 2021/12/20 10:15 p.m.24 views

Design/Logic Flaw

jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...

5CVSS7.5AI score0.01916EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2021/12/17 7:59 p.m.21 views

GHSA-55XV-F85C-248Q Regular Expression Denial of Service (ReDoS) in jsx-slack

jsx-slack v4.5.1 and earlier versions are vulnerable to a regular expression denial-of-service ReDoS attack. Impact If attacker can put a lot of JSX elements into tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. javascript /...

3.7CVSS7.3AI score0.01916EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2021/12/17 7:15 p.m.4 views

CVE-2021-43838

jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service ReDoS attack. If attacker can put a lot of JSX elements into tag, an internal regular expression for escaping character...

7.5CVSS7.1AI score0.01377EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/12/17 6:20 p.m.36 views

CVE-2021-43838 Regular Expression Denial of Service (ReDoS) in jsx-slack

jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service ReDoS attack. If attacker can put a lot of JSX elements into tag, an internal regular expression for escaping character...

5.3CVSS7.7AI score0.01377EPSS
Exploits1References2
CVE
CVE
added 2021/12/17 6:20 p.m.64 views

CVE-2021-43838

The vulnerability CVE-2021-43838 affects the jsx-slack package (<= version 4.5.1). An internal regular expression used to escape blockquote content can suffer catastrophic backtracking when encountering multibyte characters inside a , potentially allowing a ReDoS-type resource exhaustion. Conn...

7.5CVSS6.1AI score0.01377EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder