CVE-2021-23354
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...
CVE-2021-23354
CVE-2021-23354 affects the Node.js printf package prior to 0.6.1. A vulnerable regex in lib/printf.js can cause a Regular Expression Denial of Service (ReDoS) with cubic worst-case time complexity. Exposure is tied to the printf implementation, not a broader platform. To remediate, upgrade to 0.6...