4 matches found
CVE-2021-43843
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...
CVE-2021-43843
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...
CVE-2021-43843
CVE-2021-43843 concerns the jsx-slack package, where the patch for CVE-2021-43838 in v4.5.1 failed to fully protect against a ReDoS caused by multibyte characters in a blockquote. The issue affects jsx-slack’s internal escaping regex, potentially increasing resource usage when many JSX elements a...
CVE-2021-43843 Insufficient patch for Regular Expression Denial of Service (ReDoS) to jsx-slack v4.5.1
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...