CVE-2017-16116

Name of the Vulnerable Software and Affected Versions: string (affected versions not specified)

Description: The issue concerns a regular expression denial of service that occurs when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods of the string module.

Recommendations: Avoid passing user input to the underscore and unescapeHTML methods as a temporary workaround. Consider applying the user-provided patch available, although it has not been tested or merged by the package author, as an alternative solution.