5 matches found
02-infrastructure (=1.0.0), 02vue_toast_demo (>=1.0.0 <=1.0.4) +11734 more potentially affected by CVE-2021-29059 via is-svg (>=2.1.0 <=4.2.2)
is-svg NPM version =2.1.0, =1.0.0, =1.0.4, =5.0.0, =1.0.3, =0.0.1, =1.0.2, =2.0.0, =1.1.8, =1.0.0, =1.0.4 - 4design =0.0.1 and more Source cves: CVE-2021-29059 Source advisory: OSV:GHSA-R8J5-H5CX-65GG...
02-infrastructure (=1.0.0), 02vue_toast_demo (>=1.0.0 <=1.0.4) +11729 more potentially affected by CVE-2021-28092 via is-svg (>=2.1.0 <=4.2.1)
is-svg NPM version =2.1.0, =1.0.0, =1.0.4, =5.0.0, =1.0.3, =0.0.1, =1.0.2, =2.0.0, =1.1.8, =1.0.0, =1.0.4 - 4design =0.0.1 and more Source cves: CVE-2021-28092 Source advisory: OSV:GHSA-7R28-3M3F-R2PR...
GHSA-7R28-3M3F-R2PR Regular Expression Denial of Service (ReDoS)
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker provides a malicious string, is-svg will get stuck processing the input...
02-infrastructure (=1.0.0), 02vue_toast_demo (>=1.0.0 <=1.0.4) +11734 more potentially affected by CVE-2021-28092 +1 more via is-svg (>=2.1.0 <=4.2.2)
is-svg NPM version =2.1.0, =1.0.0, =1.0.4, =5.0.0, =1.0.3, =0.0.1, =1.0.2, =2.0.0, =1.1.8, =1.0.0, =1.0.4 - 4design =0.0.1 and more Source cves: CVE-2021-28092, CVE-2021-29059 Source advisory: SNYK:JS-ISSVG-1243891...
Regular Expression Denial Of Service (ReDoS)
is-svg is vulnerable to regular expression denial of service. An attacker is able to crash the application via a malicious SVG/XML document due to the usage of an insecure regular expression...