← volver
CVE-2023-30858

Denosaurs emoji has ReDoS vulnerability in `replace` function

CVSS 5.3 MEDIUMEPSS 1.2%CWE-1333
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Productos afectados
denosaurs · emoji

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/denosaurs/emoji/pull/11https://github.com/denosaurs/emoji/security/advisories/GHSA-w2xx-hjhp-gx5vhttps://huntr.dev/bounties/444f2255-5085-466f-ba0e-5549fa8846a3/