Description
slug is a module to slugify strings, even if they contain Unicode. slug is vulnerable to regular expression denial of service if specially crafted untrusted input is passed to it. About 50k characters can block the event loop for 2 seconds.
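One way to limit exposure while a vulnerable version is in use is to cap input length before slugifying and to measure how long a call holds the event loop. This is an added example, not code from the advisory or from the slug project; `guardedSlug`, `blockedMs`, `MAX_SLUG_INPUT` and `standInSlugify` are hypothetical names, and the 256-character limit is an assumption.

```javascript
// Added example: length cap and timing check around a slugify function.
// The slugify function is passed in so this block runs offline; in an
// application it would be the function exported by the slug package.

const MAX_SLUG_INPUT = 256; // assumed limit, far below the ~50k characters in the advisory

class SlugInputError extends Error {}

// Reject oversized or non-string input before any regex runs on it.
function guardedSlug(input, slugify, maxLen = MAX_SLUG_INPUT) {
  if (typeof input !== 'string') {
    throw new SlugInputError('slug input must be a string');
  }
  if (input.length > maxLen) {
    // Fail loudly instead of truncating, so callers can return a 4xx and log it.
    throw new SlugInputError(`slug input too long: ${input.length} > ${maxLen}`);
  }
  return slugify(input);
}

// Time one synchronous call; while it runs, the event loop is blocked.
function blockedMs(fn) {
  const start = performance.now();
  fn();
  return performance.now() - start;
}

// Stand-in slugifier constructed for this example (simple, linear-time).
function standInSlugify(s) {
  return s
    .toLowerCase()
    .replace(/[^a-z0-9]+/g, '-')
    .replace(/^-|-$/g, '');
}

// Constructed sample inputs: a normal title and an oversized string.
const samples = ['Hello, World!', 'x'.repeat(50000)];
for (const s of samples) {
  try {
    const ms = blockedMs(() => guardedSlug(s, standInSlugify));
    console.log(`accepted ${s.length} chars, blocked ${ms.toFixed(2)} ms`);
  } catch (e) {
    console.log(`rejected ${s.length} chars: ${e.message}`);
  }
}
```
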
Remediation
References
https://github.com/dodo/node-slug/issues/82
https://nodesecurity.io/advisories/537