Description
The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.
Remediation
References
https://github.com/jprichardson/string.js/issues/212
https://nodesecurity.io/advisories/536
Related Vulnerabilities
CVE-2021-42767 Vulnerability in maven package org.neo4j.procedure:apoc
CVE-2020-19697 Vulnerability in npm package editor.md
CVE-2022-39944 Vulnerability in maven package org.apache.linkis:linkis-engineplugin-jdbc
CVE-2020-15999 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-8125 Vulnerability in maven package org.webjars.npm:klona