GHSA-4gmj-3p3h-gm8h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4gmj-3p3h-gm8h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-4gmj-3p3h-gm8h/GHSA-4gmj-3p3h-gm8h.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-4gmj-3p3h-gm8h
- Aliases
- Published
- 2024-02-26T20:01:28Z
- Modified
- 2024-02-26T20:26:58.156366Z
- Summary
- es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
- Details
-
Impact
Passing functions with very long names or complex default argument names into
function#copyorfunction#toStringTokensmay put script to stallPatches
Fixed with https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 and https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602 Published with v0.10.63
Workarounds
No real workaround aside of refraining from using above utilities.
References
https://github.com/medikoo/es5-ext/issues/201
- Database specific
{ "nvd_published_at": "2024-02-26T17:15:11Z", "cwe_ids": [ "CWE-1333" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-02-26T20:01:28Z" }- References
-
- https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h
- https://nvd.nist.gov/vuln/detail/CVE-2024-27088
- https://github.com/medikoo/es5-ext/issues/201
- https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2
- https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602
- https://github.com/medikoo/es5-ext
Affected packages
npm / es5-ext
Package
- Name
- es5-ext
- View open source insights on deps.dev
- Purl
- pkg:npm/es5-ext