Description

slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds.

Remediation

References

https://nodesecurity.io/advisories/537

https://github.com/dodo/node-slug/issues/82

Related Vulnerabilities

CVE-2022-34115 Vulnerability in maven package io.dataease:dataease-plugin-common

CVE-2020-16044 Vulnerability in npm package electron

CVE-2018-3721 Vulnerability in npm package lodash.merge

CVE-2019-10745 Vulnerability in npm package assign-deep

CVE-2022-24785 Vulnerability in maven package org.webjars.bower:moment

Severity

High

Classification

CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Third Party Advisory