@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability #25

Closed
opened 2023-02-09 05:38:38 +00:00 by argoyle · 0 comments
argoyle commented 2023-02-09 05:38:38 +00:00 (Migrated from gitlab.com)

⚠️ dependabot-gitlab has detected security vulnerability for @sideway/formula in path: /, manifest_file: /package.json but was unable to update it! ⚠️

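| Package | Severity | Affected versions | Patched versions | IDs |
|------------------------|----------|-------------------|------------------|----------------------------------------|
| @sideway/formula (NPM) | MODERATE | < 3.0.1 | 3.0.1 | `GHSA-c2jc-4fpr-4vhg`, `CVE-2023-25166` |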

Description

Impact

User-provided strings to formula's parser might lead to polynomial execution time.

Patches

Users should upgrade to 3.0.1+.

Workarounds

None.

References

* https://github.com/hapijs/formula/security/advisories/GHSA-c2jc-4fpr-4vhg
* https://nvd.nist.gov/vuln/detail/CVE-2023-25166
* https://github.com/hapijs/formula/commit/9fbc20a02d75ae809c37a610a57802cd1b41b3fe
* https://github.com/advisories/GHSA-c2jc-4fpr-4vhg

argoyle (Migrated from gitlab.com) closed this issue 2023-06-02 14:11:04 +00:00

Reference: dancefinder/dancefinder-app#25