Description
The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.
Remediation
References
https://github.com/indexzero/TimeSpan.js/issues/10
https://nodesecurity.io/advisories/533
Related Vulnerabilities
CVE-2021-29451 Vulnerability in maven package com.manydesigns:portofino-core
CVE-2022-0144 Vulnerability in npm package shelljs
CVE-2020-8141 Vulnerability in maven package org.webjars.bowergithub.olado:dot
CVE-2022-37260 Vulnerability in npm package steal
CVE-2022-46366 Vulnerability in maven package tapestry:tapestry