GHSA-JGRX-MGXX-JF9V tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion

nodejs-tmpl is simple string formatting. tmpl is vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion...

CVE-2021-3777

nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity...

CVE-2021-3777

CVE-2021-3777: nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity (ReDoS). IBM X-Force lists CVSS v3.1 base score 7.5 (HIGH) with Network attack vector, no user interaction, and Availability impact. No remediation details are provided in the supplied documents.

CVE-2021-3777 Inefficient Regular Expression Complexity in daaku/nodejs-tmpl

nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity...

nodejs-tmpl 安全漏洞

nodejs is a JavaScript runtime environment based on the ChromeV8 engine, by packaging the Chromev8 engine and the use of event-driven and non-blocking IO applications make it possible to develop high-performance background applications in Javascript. A security vulnerability exists in nodejs-tmpl...

Inefficient Regular Expression Complexity in daaku/nodejs-tmpl

✍️ Description It allows cause a denial of service when formatting crafted string. 🕵️‍♂️ Proof of Concept // PoC.js var tmpl = require"tmpl" forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = ""+"".repeati10000+"answer"; tmplattackstr, answer: 42 var timecost = Date.now - time;...