Lucene search
+L

4 matches found

NVD
NVD
added 2021/12/20 10:15 p.m.21 views

CVE-2021-43843

jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...

7.5CVSS0.01916EPSS
Exploits1References4
OSV
OSV
added 2021/12/20 10:15 p.m.28 views

CVE-2021-43843

jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...

7.5CVSS7.1AI score
Exploits0References4
CVE
CVE
added 2021/12/20 9:15 p.m.57 views

CVE-2021-43843

CVE-2021-43843 concerns the jsx-slack package, where the patch for CVE-2021-43838 in v4.5.1 failed to fully protect against a ReDoS caused by multibyte characters in a blockquote. The issue affects jsx-slack’s internal escaping regex, potentially increasing resource usage when many JSX elements a...

7.5CVSS6.1AI score0.01916EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2021/12/20 9:15 p.m.34 views

CVE-2021-43843 Insufficient patch for Regular Expression Denial of Service (ReDoS) to jsx-slack v4.5.1

jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...

5.3CVSS7.7AI score0.01916EPSS
Exploits1References4
Rows per page
Query Builder