Headline

GHSA-4gmj-3p3h-gm8h: es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`

Impact

Passing functions with very long names or complex default argument names into function#copy orfunction#toStringTokens may put script to stall

Patches

Fixed with https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 and https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602 Published with v0.10.63

Workarounds

No real workaround aside of refraining from using above utilities.

References

https://github.com/medikoo/es5-ext/issues/201

8 months ago

ghsa

Open in Source

#dos #git

es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`

Low severity GitHub Reviewed Published Feb 26, 2024 in medikoo/es5-ext • Updated Feb 26, 2024

ghsa: Latest News

GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

2 days ago

ghsa

GHSA-7q7g-4xm8-89cq: Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit

2 days ago

ghsa

GHSA-phm4-wf3h-pc3r: Unpatched Remote Code Execution in Gogs

2 days ago

ghsa

GHSA-x645-6pf9-xwxw: LibreNMS has an Authenticated OS Command Injection

2 days ago

ghsa

GHSA-gv4m-f6fx-859x: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

2 days ago

ghsa