Open dev-mend-for-github-com[bot] opened 2 years ago

### Vulnerable Library - slug-0.9.1.tgz

slugifies even utf-8 chars!

Library home page: https://registry.npmjs.org/slug/-/slug-0.9.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/slug/package.json

Dependency Hierarchy:
- :x: **slug-0.9.1.tgz** (Vulnerable Library)

Found in HEAD commit: d804f0146ba2b48648893ac54a20b8bcb43f60d5
Found in base branch: main

### Vulnerability Details

slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service (ReDoS) if specially crafted untrusted input is passed to it. About 50k characters can block the event loop for 2 seconds. Because the regex runs synchronously on Node's single event-loop thread, one such request stalls every other request served by that process for the duration.

Publish Date: 2018-06-07
URL: CVE-2017-16117

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version
Origin: https://www.npmjs.com/advisories/537
Release Date: 2018-06-07
Fix Resolution: 0.9.2

:rescue_worker_helmet: Automatic Remediation is available for this issue.