Description
The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.
Remediation
References
https://nodesecurity.io/advisories/536
https://github.com/jprichardson/string.js/issues/212
Related Vulnerabilities
CVE-2021-29369 Vulnerability in npm package gnuplot
CVE-2022-2596 Vulnerability in maven package org.webjars.npm:node-fetch
CVE-2016-10735 Vulnerability in maven package ua.mobius.media:bootstrap
CVE-2021-26541 Vulnerability in npm package gitlog
CVE-2021-37578 Vulnerability in maven package org.apache.juddi:juddi-core