Description
The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition.
Remediation
References
https://github.com/blakeembrey/no-case/issues/17
https://nodesecurity.io/advisories/529
Related Vulnerabilities
CVE-2021-28170 Vulnerability in maven package org.glassfish:jakarta.el
CVE-2019-10411 Vulnerability in maven package com.inedo.buildmaster:inedo-buildmaster
CVE-2012-3451 Vulnerability in maven package org.apache.cxf:cxf-rt-core
CVE-2015-2913 Vulnerability in maven package com.orientechnologies:orientdb-server
CVE-2022-28220 Vulnerability in maven package org.apache.james:james-server-protocols-imap4