Lucene search
+L

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/18 6:12 a.m.7 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2025-25283

Summary parse-duration-1.1.0.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2025-25283 DESCRIPTION: parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop...

7.5CVSS6.2AI score0.00746EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2025/02/12 7:45 p.m.4 views

3id-connect (>=1.0.0-alpha.3 <=1.0.0-alpha.4), 3id-test-helper (>=1.0.0 <=1.0.4) +1827 more potentially affected by CVE-2025-25283 via parse-duration (>=0.1.1 <=1.1.2)

parse-duration NPM version =0.1.1, =1.0.0-alpha.3, =1.0.0, =0.2.0, =0.1.0, =0.0.1, =1.0.21, =1.0.0, =0.0.1, =0.0.1, =1.0.0-beta.0, =0.1.0, =1.0.0, =0.0.1, =1.0.3, =0.0.8, =1.1.14 and more Source cves: CVE-2025-25283 Source advisory: OSV:GHSA-HCRG-FC28-FCG5...

7.5CVSS5.7AI score0.00746EPSS
Exploits0
NVD
NVD
added 2025/02/12 7:15 p.m.47 views

CVE-2025-25283

parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...

7.5CVSS0.00746EPSS
Exploits0References3
CVE
CVE
added 2025/02/12 6:21 p.m.100 views

CVE-2025-25283

CVE-2025-25283 concerns parse-duration (node package). Versions prior to 2.1.3 are vulnerable to event-loop delay due to CPU-bound duration resolution and may cause an out-of-memory crash with large Unicode-containing inputs. A patch is available in 2.1.3; remediation is to upgrade to that versio...

7.5CVSS7.4AI score0.00746EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/12 6:21 p.m.20 views

CVE-2025-25283 parse-duraton vulnerable to Regex Denial of Service that results in event loop delay and out of memory

parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...

7.5CVSS7.4AI score0.00746EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/12 6:21 p.m.47 views

CVE-2025-25283 parse-duraton vulnerable to Regex Denial of Service that results in event loop delay and out of memory

parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...

7.5CVSS0.00746EPSS
Exploits0References3
Rows per page
Query Builder