6 matches found
jsx-slack insufficient patch for CVE-2021-43838 ReDoS
We found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient to save from Regular Expression Denial of Service ReDoS attack. This vulnerability affects to jsx-slack v4.5.1 and earlier versions. Impact If attacker can put a lot of JSX elements into tag with including multibyte...
Design/Logic Flaw
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...
GHSA-55XV-F85C-248Q Regular Expression Denial of Service (ReDoS) in jsx-slack
jsx-slack v4.5.1 and earlier versions are vulnerable to a regular expression denial-of-service ReDoS attack. Impact If attacker can put a lot of JSX elements into tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. javascript /...
CVE-2021-43838
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service ReDoS attack. If attacker can put a lot of JSX elements into tag, an internal regular expression for escaping character...
CVE-2021-43838 Regular Expression Denial of Service (ReDoS) in jsx-slack
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service ReDoS attack. If attacker can put a lot of JSX elements into tag, an internal regular expression for escaping character...
CVE-2021-43838
The vulnerability CVE-2021-43838 affects the jsx-slack package (<= version 4.5.1). An internal regular expression used to escape blockquote content can suffer catastrophic backtracking when encountering multibyte characters inside a , potentially allowing a ReDoS-type resource exhaustion. Conn...