Balassy

**Name of the Vulnerable Software and Affected Versions** zxcvbn-ts versions prior to 3.0.2 **Description** This issue affects users running on the NodeJS platform who are using the second argument of the `zxcvbn` function. It can result in unbounded resource consumption as the user inputs array is extended with every function call. Both browsers and NodeJS platforms are impacted, but the effect on browsers requires a significant number of input changes from a single user, whereas the NodeJS process can be more easily affected as it receives inputs from every user of a platform. **Recommendations** For versions prior to 3.0.2, upgrade to version 3.0.2 or later. For users unable to upgrade, stop using the second argument of the `zxcvbn` function and use the `zxcvbnOptions.setOptions` function instead.