2 matches found
Inefficient Regular Expression Complexity in liriliri/licia
Description: A ReDoS (regular expression denial of service) flaw was found in the licia package. An attacker who is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar to https://nvd.nist.gov/vuln/detail/CVE-2020-28500 ...
Prototype Pollution in liriliri/licia
Description: The licia package is vulnerable to a prototype pollution issue. The files can be found in https://github.com/liriliri/licia/blob/master/src/e/extendDeep.js & https://github.com/liriliri/licia/blob/master/src/s/safeSet.jsL46 Proof of Concept 1. Creating poc filed js var utils = require('licia'); va...