Description
The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.
Remediation
References
https://github.com/jprichardson/string.js/issues/212
https://nodesecurity.io/advisories/536
Related Vulnerabilities
CVE-2022-25894 Vulnerability in maven package com.bstek.uflo:uflo-core
CVE-2022-36893 Vulnerability in maven package org.jenkins-ci.plugins:rpmsign-plugin
CVE-2019-1010266 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash
CVE-2020-7792 Vulnerability in maven package org.webjars.npm:mout
CVE-2019-20365 Vulnerability in maven package org.igniterealtime.openfire:xmppserver