PT-2023-23014 · Unknown · Denosaurs Emoji Package

Leodog896 · Published 2023-04-28 · Updated 2023-05-08 · CVE-2023-30858

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Denosaurs emoji package versions 0.1.0 through 0.2.x

Description

The Denosaurs emoji package has an issue where the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. This issue can cause problems when handling large payloads. As a workaround, users can avoid using the replace, unemojify, or strip functions to minimize the risk.

Recommendations

For Denosaurs emoji package versions 0.1.0 through 0.2.x, update to version 0.3.0 to resolve the issue. As a temporary workaround, consider avoiding the use of the replace, unemojify, or strip functions until the update is applied.
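
An added example (not code from the package or from this advisory) that models why a whitespace-trimming regex can cost quadratic time and what a linear replacement looks like. The pattern `/\s+$/` is an assumed stand-in, since the advisory does not show reTrimSpace itself; `backtrackSteps`, `trimEndLinear` and the sample inputs are constructed for illustration.

```javascript
// Assumption: /\s+$/ stands in for a trailing-whitespace trim regex; it is
// not the package's actual reTrimSpace, which this advisory does not show.
// isSpace covers a small subset of what \s matches, enough for the model.
const isSpace = (ch) => ch === " " || ch === "\t" || ch === "\n" || ch === "\r";

// Model of a backtracking engine searching for /\s+$/: at every start offset
// it consumes the whitespace run, then needs end-of-input. Counts characters
// examined, so growth can be checked without wall-clock timing.
function backtrackSteps(input) {
  let steps = 0;
  for (let start = 0; start < input.length; start++) {
    let i = start;
    while (i < input.length) {
      steps++;
      if (!isSpace(input[i])) break;
      i++;
    }
    if (i === input.length && i > start) break; // \s+ reached the end: match
  }
  return steps;
}

// Linear alternative: one scan from the end, no regex and no retries.
function trimEndLinear(input) {
  let end = input.length;
  let steps = 0;
  while (end > 0) {
    steps++;
    if (!isSpace(input[end - 1])) break;
    end--;
  }
  return { text: input.slice(0, end), steps };
}

// Constructed input: a long whitespace run that does not reach the end.
for (const n of [1000, 2000, 4000]) {
  const sample = " ".repeat(n) + "x";
  console.log(n, backtrackSteps(sample), trimEndLinear(sample).steps);
}
```

Doubling the length of the whitespace run roughly quadruples the modelled regex cost, while the end-anchored scan does constant work on the same input.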

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

CVE-2023-30858
GHSA-W2XX-HJHP-GX5V

Affected Products

Denosaurs Emoji Package