Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1cDctaDV3OC0yaGZx

Regular Expression Denial of Service in trim

All versions of package trim lower than 0.0.3 are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().

Permalink: https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1cDctaDV3OC0yaGZx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 3 years ago
Updated: over 1 year ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-w5p7-h5w8-2hfq, CVE-2020-7753
References:

• https://nvd.nist.gov/vuln/detail/CVE-2020-7753
• https://github.com/component/trim/pull/8
• https://github.com/component/trim/blob/master/index.js
• https://github.com/component/trim/blob/master/index.js%23L6
• https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1022132
• https://snyk.io/vuln/SNYK-JS-TRIM-1017038
• https://lists.apache.org/thread.html/r10faad1ef9166d37a1a5c9142b1af7099b8ecdc5ad05c51b8ea993d9@%3Ccommits.airflow.apache.org%3E
• https://lists.apache.org/thread.html/r51ff3c2a4c7b8402f321eae7e624672cc2295c7bc8c12c8b871f6b0b@%3Ccommits.airflow.apache.org%3E
• https://lists.apache.org/thread.html/r75b8d0b88833d7d96afcdce3ead65e212572ead4e7a9f34d21040196@%3Ccommits.airflow.apache.org%3E
• https://lists.apache.org/thread.html/rb8462df3b6484e778905c09cd49a8912e1a302659860017ebe36da03@%3Ccommits.airflow.apache.org%3E
• https://lists.apache.org/thread.html/rcc7c2865a52b544a8e49386c6880e9b9ab29bfce1052b5569d09ee4a@%3Ccommits.airflow.apache.org%3E
• https://github.com/advisories/GHSA-w5p7-h5w8-2hfq

Repository: https://github.com/component/trim
Blast Radius: 41.5

Affected Packages