5 matches found
EUVD-2021-0627
Malware in sbrugna...
Regular Expression Denial of Service (ReDoS)
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker provides a malicious string, is-svg will get stuck processing the input...
CVE-2021-28092
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time...
Design/Logic Flaw
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time...
PT-2021-17738 · Npm · Is-Svg
Name of the Vulnerable Software and Affected Versions: is-svg package versions 2.1.0 through 4.2.1 Description: The issue concerns a Regular Expression Denial of Service ReDoS vulnerability in the is-svg package for Node.js. If an attacker provides a malicious string, the package will get stuck...