Dayshift

**Name of the Vulnerable Software and Affected Versions** prettier versions up to 3.6.2 **Description** A vulnerability exists in prettier due to inefficient regular expression complexity within the `parseNestedCSS` function of the `src/language-css/parser-postcss.js` file. The manipulation of the `node` argument can trigger this issue. The attack can be launched remotely, and the exploit has been publicly disclosed. **Recommendations** Versions prior to 3.6.2 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** chinese-poetry version 0.1 **Description:** A problematic issue exists due to inefficient regular expression complexity in the processing of the file `rank/server.js`. This issue can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: vercel hyper versions up to 3.4.1 Description: A problematic vulnerability has been found in vercel hyper, affecting the function `expand/braceExpand/ignoreMap` of the file `hyper/bin/rimraf-standalone.js`. This issue leads to inefficient regular expression complexity and can be initiated remotely. The exploit has been disclosed to the public. Recommendations: For vercel hyper versions up to 3.4.1, consider updating to a version that fixes the inefficient regular expression complexity issue in the `expand/braceExpand/ignoreMap` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CodeMirror versions up to 5.17.0 Description: A vulnerability was found in the Markdown Mode component, specifically in the file mode/markdown/markdown.js, leading to inefficient regular expression complexity. This issue can be exploited remotely. The problem is related to some unknown functionality of the component. It is noted that CodeMirror 6 is more actively maintained, implying that the vulnerable version may be outdated. Recommendations: For CodeMirror versions up to 5.17.0, consider updating to a newer version, as CodeMirror 6 is mentioned to be more actively maintained, which may include fixes for the issue. As a temporary workaround, consider restricting the use of the Markdown Mode component until a patch is available.

Name of the Vulnerable Software and Affected Versions: Meteor versions up to 3.2.1 Description: A vulnerability was found in the function `Object.assign` of the file `packages/ddp-server/livedata server.js`. The manipulation of the argument `forwardedFor` leads to inefficient regular expression complexity. The attack may be initiated remotely. The complexity of an attack is rather high, and the exploitation is known to be difficult. Recommendations: For versions up to 3.2.1, upgrade to version 3.2.2 to address this issue. As a temporary workaround, consider restricting the use of the `Object.assign` function in the `livedata server.js` file until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** uBlock Origin versions up to 1.63.3b16 **Description** A vulnerability has been found in the UI component of uBlock Origin, specifically in the function `currentStateChanged` of the file `src/js/1p-filters.js`. This issue leads to inefficient regular expression complexity, which can be exploited remotely. The complexity of an attack is rather high, and the exploitability is difficult. The exploit has been disclosed to the public. **Recommendations** For versions up to 1.63.3b16, upgrade to version 1.63.3b17 to address this issue. As a temporary workaround, consider restricting the use of the `currentStateChanged` function in the `src/js/1p-filters.js` file until the patch is applied.