Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1wbXZ2LTU3cmctNWc4Ns4ABAsF

CommonRegexJS Regular Expression Denial of Service vulnerability

CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.

Permalink: https://github.com/advisories/GHSA-pmvv-57rg-5g86
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wbXZ2LTU3cmctNWc4Ns4ABAsF
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 25 days ago
Updated: 7 days ago


CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-pmvv-57rg-5g86, CVE-2020-26305
References: Repository: https://github.com/talyssonoc/CommonRegexJS
Blast Radius: 0.0

Affected Packages

npm:commonregex
Dependent packages: 1
Dependent repositories: 1
Downloads: 76 last month
Affected Version Ranges: <= 0.3.1
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1