Veracode Vulnerability Database: VERACODE:38829
History: Jan 11, 2023 - 4:24 a.m.

Regular Expression Denial Of Service (ReDoS)

2023-01-11 04:24:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
redos vulnerability
terminal-kit
insecure regex pattern
malicious strings
crash
application
bignumber

EPSS: 0.002
Percentile: 52.4%

terminal-kit is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists due to an insecure regex pattern used in multiple functions of the library, which allows an attacker to crash the application by providing a malicious string such as '^['.repeat(bigNumber).
