Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:29408
HistoryFeb 16, 2021 - 4:13 a.m.

Regular Expression Denial Of Service (ReDoS)

2021-02-1604:13:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
lodash
vulnerability
regular expression
denial of service

EPSS

0.002

Percentile

61.4%

lodash is vulnerable to regular expression denial of service. The usage of the insecure regex /\s+$/ allows an attacker to cause exponential processing time which could eventually lead to a denial of service condition.