EPSS
Percentile
68.6%
path-parse is vulnerable to regular expression denial of service. An attacker is able to produce a denial of service condition in the application through worst-case time complexity via splitDeviceRe, splitTailRe and splitPathRe.
splitDeviceRe
splitTailRe
splitPathRe
github.com/jbgutierrez/path-parse/commit/09e1086512bd50f2767b8c32fa74c0ff0be4c8cd
github.com/jbgutierrez/path-parse/issues/8
lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85@%3Cdev.myfaces.apache.org%3E