Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1cDctaDV3OC0yaGZx
Regular Expression Denial of Service in trim
All versions of package trim lower than 0.0.3 are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Permalink: https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1cDctaDV3OC0yaGZx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 3 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-w5p7-h5w8-2hfq, CVE-2020-7753
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-7753
- https://github.com/component/trim/pull/8
- https://github.com/component/trim/blob/master/index.js
- https://github.com/component/trim/blob/master/index.js%23L6
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1022132
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038
- https://lists.apache.org/thread.html/r10faad1ef9166d37a1a5c9142b1af7099b8ecdc5ad05c51b8ea993d9@%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/r51ff3c2a4c7b8402f321eae7e624672cc2295c7bc8c12c8b871f6b0b@%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/r75b8d0b88833d7d96afcdce3ead65e212572ead4e7a9f34d21040196@%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/rb8462df3b6484e778905c09cd49a8912e1a302659860017ebe36da03@%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/rcc7c2865a52b544a8e49386c6880e9b9ab29bfce1052b5569d09ee4a@%3Ccommits.airflow.apache.org%3E
- https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
Blast Radius: 41.5
Affected Packages
npm:trim
Dependent packages: 404
Dependent repositories: 336,955
Downloads: 12,482,535 last month
Affected Version Ranges: < 0.0.3
Fixed in: 0.0.3
All affected versions: 0.0.1, 0.0.2
All unaffected versions: 0.0.3, 1.0.0, 1.0.1