Description
slug is a module to slugify strings, even if they contain Unicode. slug is vulnerable to regular expression denial of service (ReDoS) if specially crafted untrusted input is passed to it. About 50k characters can block the event loop for 2 seconds.
Remediation
References
https://github.com/dodo/node-slug/issues/82
https://nodesecurity.io/advisories/537
Related Vulnerabilities
CVE-2017-16042 Vulnerability in maven package org.webjars.npm:growl
CVE-2020-36282 Vulnerability in maven package com.rabbitmq.jms:rabbitmq-jms
CVE-2020-7632 Vulnerability in npm package node-mpv
CVE-2018-20318 Vulnerability in maven package com.github.binarywang:weixin-java-common
CVE-2019-10158 Vulnerability in maven package org.infinispan:infinispan-spring5-common