CVE-2021-23354

Posted on 2021년 3월 13일2021년 3월 13일 by admin

CVE-2021-23354

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /%(?:(([w_.]+))|([1-9]d*)$)?([0 +-]*)(*|d+)?(.)?(*|d+)?[hlL]?([%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.

Source: CVE-2021-23354

답글 남기기 응답 취소