westonphillips / CheckmarxOnePOV

This repo will be used for Checkmarx ONE POV
MIT License

Cxb3ca64d2-9cd1 @ Npm-mocha-8.4.0 #154

Open westonphillips opened 1 year ago

westonphillips commented 1 year ago

Vulnerable Package issue exists @ Npm-mocha-8.4.0 in branch main

The package mocha is vulnerable to Regular Expression Denial of Service (ReDoS). The function clean in utils.js can make the server unavailable when a specially crafted input is provided. According to the official Pull Request, this was supposed to be fixed in version 10.0.0, but the fix is not proper and continues to allow the issue.

Namespace: westonphillips
Repository: CheckmarxOnePOV
Repository Url: https://github.com/westonphillips/CheckmarxOnePOV
CxAST-Project: westonphillips/CheckmarxOnePOV
CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c
Branch: main
Application: CheckmarxOnePOV
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-1333

Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 10.1.0

References
Pull request
Vulnerable code