PT-2018-6144 · Slug · Slug

Cristianstaicu

Published

2018-06-07

Updated

2019-10-09

CVE-2017-16117

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: slug versions prior to 0.9.2

Description: The issue concerns a regular expression denial of service in the slug module when specially crafted untrusted input is passed. This can cause the event loop to block for 2 seconds with approximately 50,000 characters.

Recommendations: Update to version 0.9.2 or later.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2017-16117

GHSA-JXQQ-CQM6-PFQ9

Affected Products

Slug

PT-2018-6144 · Slug · Slug

CVE-2017-16117

Weakness Enumeration

Related Identifiers

Affected Products

References · 7