Headline
GHSA-c2jc-4fpr-4vhg: @sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability
Impact
User-provided strings to formula’s parser might lead to polynomial execution time.
Patches
Users should upgrade to 3.0.1+.
Workarounds
None.
Skip to content
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
* Explore
* All features
* Documentation
* GitHub Skills
* Blog
For
Enterprise
Teams
Startups
Education
By Solution
CI/CD & Automation
DevOps
DevSecOps
Case Studies
Customer Stories
Resources
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
* Repositories
* Topics
* Trending
* Collections
- Pricing
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2023-25166
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability
Moderate severity GitHub Reviewed Published Feb 8, 2023 in hapijs/formula
Package
npm @sideway/formula (npm)
Affected versions
< 3.0.1
Description
Published to the GitHub Advisory Database
Feb 8, 2023
Published by the National Vulnerability Database
Feb 8, 2023
Severity
CVSS base metrics
User interaction
Required
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Weaknesses
GHSA ID
GHSA-c2jc-4fpr-4vhg
Source code
Related news
formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability.