Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:29575
HistoryMar 05, 2021 - 12:54 a.m.

Regular Expression Denial Of Service (ReDoS)

2021-03-0500:54:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11

EPSS

0.003

Percentile

69.6%

html-parse-stringify2 is vulnerable to regular express denial of service (ReDoS). The vulnerability exists through the regular expression of tagRE where parsing strings with multiple ' and " can consume huge amount of CPU resources.

CPENameOperatorVersion
html-parse-stringify2le2.0.0

EPSS

0.003

Percentile

69.6%