6 matches found
Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2025-25283
Summary parse-duration-1.1.0.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2025-25283 DESCRIPTION: parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop...
3id-connect (>=1.0.0-alpha.3 <=1.0.0-alpha.4), 3id-test-helper (>=1.0.0 <=1.0.4) +1827 more potentially affected by CVE-2025-25283 via parse-duration (>=0.1.1 <=1.1.2)
parse-duration NPM version =0.1.1, =1.0.0-alpha.3, =1.0.0, =0.2.0, =0.1.0, =0.0.1, =1.0.21, =1.0.0, =0.0.1, =0.0.1, =1.0.0-beta.0, =0.1.0, =1.0.0, =0.0.1, =1.0.3, =0.0.8, =1.1.14 and more Source cves: CVE-2025-25283 Source advisory: OSV:GHSA-HCRG-FC28-FCG5...
CVE-2025-25283
parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...
CVE-2025-25283
CVE-2025-25283 concerns parse-duration (node package). Versions prior to 2.1.3 are vulnerable to event-loop delay due to CPU-bound duration resolution and may cause an out-of-memory crash with large Unicode-containing inputs. A patch is available in 2.1.3; remediation is to upgrade to that versio...
CVE-2025-25283 parse-duraton vulnerable to Regex Denial of Service that results in event loop delay and out of memory
parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...
CVE-2025-25283 parse-duraton vulnerable to Regex Denial of Service that results in event loop delay and out of memory
parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...