CVE-2021-39176

CVE-2021-39176 (detect-character-encoding) affects the detect-character-encoding library (ICU-based) up to version 0.3.0. The root cause is that allocated memory is not released, leading to memory exhaustion. The issue has been patched in v0.3.1. Related advisories (GitHub GHSA, OSV, Red Hat, NVD...

CVE-2021-39157

The CVE-2021-39157 entry relates to detect-character-encoding, a library where data matching with no charset in versions ≤0.6.0 can crash a Node.js process. The issue is resolved by upgrading to v0.7.0, as documented in Red Hat and GHSA advisories, with no workaround provided. Impact is a crash/d...