10 matches found
EUVD-2025-29527
Malicious code in bioql PyPI...
@-xun/symbiote (>=3.7.0 <=4.11.4), @0x57/pierre (>=0.0.3 <=0.0.16) +897 more potentially affected by unknown CVE via @eslint/plugin-kit (>=0.1.0 <=0.2.8)
@eslint/plugin-kit NPM version =0.1.0, =3.7.0, =0.0.3, =1.1.44, =1.1.14, =0.0.1-alpha.3, =0.0.1, =10.0.0, =10.0.0, =8.3.0, =13.0.0, =2.6.0, =2.2.9, =0.0.2, =35.0.1, =38.0.1 and more. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-XFFM-G5W8-QVG7...
Regular Expression Denial Of Service (ReDoS)
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to improper input sanitization, allowing an attacker to increase CPU usage and crash the program...
CVE-2024-21539
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...
CVE-2024-21539
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...
GHSA-7Q7G-4XM8-89CQ Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Crafting a very large and well crafted string can increase the CPU usage and crash the program. POC (js): const { ConfigCommentParser } = require("@eslint/plugin-kit"); var str = ""; for (var i = 0; i < 1000000; i++) { str += " "; } str += "A"; console.log("start"); var parser = new ConfigCommentParser();...
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Crafting a very large and well crafted string can increase the CPU usage and crash the program. POC (js): const { ConfigCommentParser } = require("@eslint/plugin-kit"); var str = ""; for (var i = 0; i < 1000000; i++) { str += " "; } str += "A"; console.log("start"); var parser = new ConfigCommentParser();...
@2digits/eslint-config (>=2.6.0 <=2.7.0), @2digits/eslint-plugin (>=2.2.9 <=2.3.0) +37 more potentially affected by CVE-2024-21539 via @eslint/plugin-kit (=0.1.0)
@eslint/plugin-kit NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @eslint/plugin-kit and may be impacted: - @2digits/eslint-config =2.6.0, =2.2.9, =0.0.133, =1.23.46, =2.0.1, =20240910.35.32, =13.2.8, =2024.3.44, =2024.3.45 -...
@2digits/eslint-config (>=2.6.0 <=2.7.0), @2digits/eslint-plugin (>=2.2.9 <=2.3.0) +37 more potentially affected by CVE-2024-21539 via @eslint/plugin-kit (=0.1.0)
@eslint/plugin-kit NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @eslint/plugin-kit and may be impacted: - @2digits/eslint-config =2.6.0, =2.2.9, =0.0.133, =1.23.46, =2.0.1, =20240910.35.32, =13.2.8, =2024.3.44, =2024.3.45 -...
Regular Expression Denial of Service (ReDoS)
Overview: @eslint/plugin-kit is a set of utilities for building ESLint plugins. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...