Description

slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds.

Remediation

References

https://github.com/dodo/node-slug/issues/82

https://nodesecurity.io/advisories/537

Related Vulnerabilities

CVE-2020-15779 Vulnerability in npm package socket.io-file

CVE-2020-1697 Vulnerability in maven package org.keycloak:keycloak-server-spi-private

CVE-2013-2134 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-26486 Vulnerability in maven package org.webjars.npm:vega-functions

CVE-2018-16462 Vulnerability in npm package apex-publish-static-files

Severity

High

Classification

CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Third Party Advisory