Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wbXZ2LTU3cmctNWc4Ns4ABAsF
CommonRegexJS Regular Expression Denial of Service vulnerability
CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
Permalink: https://github.com/advisories/GHSA-pmvv-57rg-5g86JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wbXZ2LTU3cmctNWc4Ns4ABAsF
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 25 days ago
Updated: 7 days ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-pmvv-57rg-5g86, CVE-2020-26305
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-26305
- https://github.com/talyssonoc/CommonRegexJS/issues/4
- https://securitylab.github.com/advisories/GHSL-2020-291-redos-CommonRegexJS
- https://github.com/advisories/GHSA-pmvv-57rg-5g86
Blast Radius: 0.0
Affected Packages
npm:commonregex
Dependent packages: 1Dependent repositories: 1
Downloads: 76 last month
Affected Version Ranges: <= 0.3.1
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1