MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4ZmMtd3BxeC0zM2o3

Moderate EPSS: 0.00364% (0.57666 Percentile) EPSS:

Permalink JSON

Uncontrolled Resource Consumption in trim-off-newlines

Affected Packages	Affected Versions	Fixed Versions
npm:trim-off-newlines PURL: `pkg:npm/trim-off-newlines`	< 1.0.3	1.0.3
82 Dependent packages 129,051 Dependent repositories 3,920,516 Downloads last month Affected Version Ranges All affected versions 0.0.0, 1.0.0, 1.0.1, 1.0.2 All unaffected versions 1.0.3

All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-23425
https://github.com/stevemao/trim-off-newlines/blob/master/index.js%23L6
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567197
https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850
https://github.com/stevemao/trim-off-newlines/pull/3
https://github.com/advisories/GHSA-38fc-wpqx-33j7

Identifiers

GHSA-38fc-wpqx-33j7

CVE-2021-23425

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00364

EPSS Percentile: 0.57666

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/stevemao/trim-off-newlines

Date and time

Published

about 4 years ago

Updated

almost 3 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories