Description
The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.
Remediation
References
https://github.com/jprichardson/string.js/issues/212
https://nodesecurity.io/advisories/536
Related Vulnerabilities
CVE-2023-26156 Vulnerability in maven package org.webjars.npm:chromedriver
CVE-2023-45278 Vulnerability in maven package org.yamcs:yamcs-core
CVE-2023-46998 Vulnerability in maven package org.webjars.npm:bootbox
CVE-2020-15138 Vulnerability in maven package org.webjars.npm:prismjs
CVE-2022-25898 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign