acorn is vulnerable to regex DoS. A regex of the form `/[x-\ud800]/u` causes the parser to enter an infinite loop. Attackers may leverage the vulnerability, leading to a denial of service, since the string is not valid UTF-16 and this results in it being sanitized before reaching the parser.
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
### Vulnerable Library - acorn_loose.es-5.5.3.js

ECMAScript parser
Library home page: https://cdnjs.cloudflare.com/ajax/libs/acorn/5.5.3/acorn_loose.es.js
Path to vulnerable library: /s
### Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
### Details
WS-2020-0042
### Vulnerable Library - acorn_loose.es-5.5.3.js

ECMAScript parser
Library home page: https://cdnjs.cloudflare.com/ajax/libs/acorn/5.5.3/acorn_loose.es.js
Path to vulnerable library: /s
Dependency Hierarchy:
- :x: **acorn_loose.es-5.5.3.js** (Vulnerable Library)
Found in base branch: main
### Vulnerability Details

acorn is vulnerable to regex DoS. A regex of the form `/[x-\ud800]/u` causes the parser to enter an infinite loop. Attackers may leverage the vulnerability, leading to a denial of service, since the string is not valid UTF-16 and this results in it being sanitized before reaching the parser.
Publish Date: 2020-03-01
URL: WS-2020-0042
### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version
Origin: https://github.com/advisories/GHSA-6chw-6frg-f759
Release Date: 2020-03-01
Fix Resolution: acorn - 5.7.4,6.4.1,7.1.1