5 matches found
fugit parse and parse_nat stall on lengthy input
Impact: The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check user input leng...
CVE-2024-43380 fugit parse and parse_nat stall on lengthy input
fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sigh...
CVE-2024-43380 fugit parse and parse_nat stall on lengthy input
fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sigh...
CVE-2024-43380
CVE-2024-43380 affects the fugit component used by the floraison group. The issue stems from the fugit "natural" parser, which converts phrases like “every Wednesday at 5pm” to a cron expression. It accepted inputs of any length and could continue parsing without returning, causing an uncontrolle...
Regular Expression Denial Of Service (ReDoS)
markdown-it is vulnerable to regular expression denial of service. An attacker is able to slow down the whole system by injecting a string of length greater than 50 thousand characters...