string-kit is vulnerable to regular expression denial of service attacks. The vulnerability exists via the module.exports
function in naturalSort.js
, which does not properly handle user-input data due to to inefficient regular expression complexity, allowing an attacker to cause an application crash.
CPE | Name | Operator | Version |
---|---|---|---|
string-kit | le | 0.12.7 | |
string-kit | le | 0.12.7 |