223 matches found
nodejs-trim-newlines: ReDoS in .end() method
A flaw was found in nodejs-trim-newlines. Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method...
nodejs-trim-off-newlines: ReDoS via string processing
A flaw was found in nodejs-trim-off-newlines. All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. The highest threat from this vulnerability is to system availability...
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2020-24025 DESCRIPTION: node-sass...
nodejs-axios: Regular expression denial of service in trim function
A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resource consumption and, as a consequence, lead to denial of service. The highest threat from this...
@0xgraph/cli (>=0.0.1 <=0.2.1), @alexandermacarthur/strip-html (>=1.0.0 <=1.0.1) +816 more potentially affected by CVE-2020-28500 via lodash.trim (>=4.18.0 <=4.5.1)
lodash.trim NPM version =4.18.0, =0.0.1, =1.0.0, =0.2.0, =0.1.0, =0.1.0, =1.0.0, =0.0.1, =0.1.0, =0.1.3, =0.1.0, =6.0.0, =5.0.0, =0.3.2-alpha.2, =0.3.3-beta-12 and more Source cves: CVE-2020-28500 Source advisory: OSV:GHSA-29MW-WPGM-HMR9...
Regular Expression Denial of Service (ReDoS) in lodash
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce provided by reporter Liyuan Chen: js var lo = require'lodash'; function buildblankn var ret = "1" for var i = 0; i n; i++ r...
GHSA-29MW-WPGM-HMR9 Regular Expression Denial of Service (ReDoS) in lodash
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce provided by reporter Liyuan Chen: js var lo = require'lodash'; function buildblankn var ret = "1" for var i = 0; i n; i++ r...
Regular Expression Denial of Service (ReDoS) in lodash
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce provided by reporter Liyuan Chen: var lo = require'lodash'; function buildblankn var ret = "1" for var i = 0; i n; i++ ret ...
GHSA-XX4C-JJ58-R7X6 Inefficient Regular Expression Complexity in Validator.js
Impact: Versions of validator prior to 13.7.0 are affected by an inefficient Regular Expression complexity when using the rtrim and trim sanitizers. Patches: The problem has been patched in validator 13.7.0...
PT-2021-21765 · Unknown · Validator.Js
Name of the Vulnerable Software and Affected Versions: validator.js versions prior to 13.7.0 Description: The issue is related to Inefficient Regular Expression Complexity. It affects the rtrim and trim sanitizers. There is no information provided about the estimated number of potentially affecte...
in bookstackapp/bookstack
Description The image extension validation service for Base64 image extraction in new Bookstack version is flawed as it uses the vulnerable trim function. This allows attackers to upload malicious files with broken extension, such as pngr, and browsers will interpret broken extension hosted on th...
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible...
Uncontrolled Resource Consumption in trim-off-newlines
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing...
Regular Expression Denial Of Service (ReDoS)
axios is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists in trim in utils.js due to inefficient regular expression complexity which allows an attacker to crash the application by submitting a malicious string as a header...
CVE-2021-23425
CVE-2021-23425 affects the nodejs-trim-off-newlines package; all versions of trim-off-newlines are vulnerable to ReDoS via string processing. The issue is confirmed in multiple sources (NVD entry and Red Hat advisory RHSA-2022:4711) with an overall Medium impact (CVSS v3.1 base score 5.3; Availab...
CVE-2021-23425
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing...
stevemao trim-off-newlines processing logic error vulnerability
trim-off-newlines is used by NPM to remove line breaks. A processing logic error vulnerability exists in stevemao trim-off-newlines that stems from the fact that all versions of trim-off-newlines are susceptible to a Regular Expression Denial of Service (ReDoS) attack via string processing...
PT-2021-12045 · Unknown · Uwebsockets
Name of the Vulnerable Software and Affected Versions: uWebSockets versions 18.11.0 through 18.12.0 Description: The issue is related to a stack-based buffer overflow in the uWS::TopicTree::trimTree function, which is called from uWS::TopicTree::unsubscribeAll. The vendor disputes the severity of...
The vulnerability of the toNumber, trim, and trimEnd functions in the lodash library for application software from Aurora Center involves an uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the toNumber, trim, and trimEnd functions in the lodash library for application software from Aurora Center involves an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Regular Expression Denial of Service
Overview: trim-newlines before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. Recommendation: Upgrade to versions 3.0.1 or 4.0.1 or later. References: CVE, GitHub Advisory...