2 matches found
nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...
Regular Expression Denial of Service (ReDoS)
Overview io.konig:diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. This can cause an impact of about 10 seconds matching time for data 48K characters long. Disclosure Timeline Feb 15th, 2018 -...