2 matches found
GHSA-XFHP-GMH8-R8V2 printf vulnerable to Regular Expression Denial of Service (ReDoS)
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...
PT-2021-15456 · Printf · Printf
Name of the Vulnerable Software and Affected Versions: printf versions prior to 0.6.1
Description: The issue concerns a Regular Expression Denial of Service (ReDoS) vulnerability via a regex string in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity, which can b...