3 matches found
0g-serving-broker (=0.1.0), 10x-cli (=0.0.7) +3297 more potentially affected by CVE-2026-24001 via diff (>=6.0.0 <=8.0.2)
diff NPM version =6.0.0, =0.1.0, =1.0.0, =0.5.0, =0.1.1, =0.1.1, =0.1.1, =0.1.8, =0.1.5, =1.0.0, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.11, =1.7.0 and more Source cves: CVE-2026-24001 Source advisory: SNYK:JS-DIFF-14917201...
Regular Expression Denial of Service (ReDoS)
Overview diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the parsePatch and applyPatch functions if the user input passed without sanitisation. An attacker can cause the process to enter an...
Regular Expression Denial of Service (ReDoS)
Overview com.sksamuel.diff:diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. This can cause an impact of about 10 seconds matching time for data 48K characters long. Disclosure Timeline Feb 15th,...