Astra Linux - уязвимость в node-get-func-name

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

Regular Expression Denial Of Service (ReDoS)

get-func-name is vulnerable to Regular Expression Denial Of Service. The vulnerability is due to the getFuncName function in index.js not properly checking the functionSource size and length. which allows an attacker to trigger a DOS attack by using an input like '\t'.repeat54773 + '\t/function/i...

CVE-2023-43646

A vulnerability was found in the get-func-name package in the chai module. Affected versions of this package are vulnerable to Regular expression denial of service ReDoS attacks, affecting system availability...

Chaijs/get-func-name vulnerable to ReDoS

The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows: js const functionNameMatch = /\sfunction?:\s|\s/^?:/+\/\s^\s/+/; This vulnerability can be exploited...

UBUNTU-CVE-2023-43646

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVE-2023-43646

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

get-func-name Security Vulnerability

get-func-name is a Chaijs open source module for securely and consistently retrieving function names in NodeJS and browsers. A security vulnerability exists in get-func-name versions prior to 2.0.1, which stems from a regular expression denial-of-service redos vulnerability in the system that cou...

CVE-2023-43646 Inefficient Regular Expression Complexity in get-func-name

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVE-2023-43646

CVE-2023-43646 affects the get-func-name module (NodeJS and browser) where versions before 2.0.1 are vulnerable to a Regular Expression Denial of Service (ReDoS) caused by imbalance in parentheses that triggers catastrophic backtracking and high CPU usage on malicious input (e.g., a tab-heavy str...

PT-2023-28897 · Unknown +1 · Get-Func-Name +1

Name of the Vulnerable Software and Affected Versions: get-func-name versions prior to 2.0.1 Description: The issue is related to a regular expression denial of service redos vulnerability in the get-func-name module, which can lead to a denial of service when parsing malicious input. This...