Lucene search
Veracode Vulnerability DatabaseVERACODE:38844HistoryJan 12, 2023 - 4:43 a.m.
Regular Expression Denial Of Service (ReDoS)
2023-01-1204:43:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
string-kit
redos
vulnerability
naturalsort.js
user-input
application crash
0.001 Low
EPSS
Percentile
48.0%
string-kit is vulnerable to regular expression denial of service attacks. The vulnerability exists via the module.exports function in naturalSort.js, which does not properly handle user-input data due to to inefficient regular expression complexity, allowing an attacker to cause an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| string-kit | le | 0.12.7 | |
| string-kit | le | 0.12.7 |
Related
github
github
string-kit Inefficient Regular Expression Complexity vulnerability
2023-01-02 09:31:57
prion
prion
Design/Logic Flaw
2023-01-02 08:15:00
cve
cve
CVE-2021-4299
2023-01-02 08:15:10
cvelist
cvelist
CVE-2021-4299 cronvel string-kit naturalSort.js naturalSort redos
2023-01-02 07:57:07
nvd
nvd
CVE-2021-4299
2023-01-02 08:15:10
osv
osv
CVE-2021-4299
2023-01-02 08:15:10
string-kit Inefficient Regular Expression Complexity vulnerability
2023-01-02 09:31:57