Description

slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds.

Remediation

References

https://github.com/dodo/node-slug/issues/82

https://nodesecurity.io/advisories/537

Related Vulnerabilities

CVE-2016-10726 Vulnerability in maven package org.dspace:dspace-xmlui

CVE-2023-22467 Vulnerability in maven package org.webjars.bowergithub.moment:luxon

CVE-2021-41109 Vulnerability in npm package parse-server

CVE-2019-10365 Vulnerability in maven package org.jenkins-ci.plugins:google-kubernetes-engine

CVE-2014-3625 Vulnerability in maven package org.springframework:spring-webmvc

Severity

High

Classification

CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Third Party Advisory