terser is vulnerable to regular expression denial of service. The vulnerability exists in index.js and evaluate.js because regular expressions used are not properly handled which allows an attacker to send crafted requests which causes an application crash.
CPE | Name | Operator | Version |
---|---|---|---|
terser | le | 5.14.1 | |
terser | le | 5.7.1 | |
terser | le | 5.14.1 | |
terser | le | 5.7.1 | |
node-terser:sid | eq | 4.1.2-7 | |
grafana | eq | 7.5.15__3.el8 | |
grafana | eq | 6.7.4__1.el8 | |
grafana | eq | 7.5.7__2.el8 | |
grafana | eq | 7.5.9__2.el8 | |
grafana | eq | 7.5.9__3.el8 |