PT-2020-6965 · Trim+2

Liyuan Chen · Published 2020-10-27 · Updated 2026-06-04 · CVE-2020-7753

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: trim, versions prior to 0.0.3; trim (affected versions not specified, but all versions are mentioned as vulnerable in some sources)
Description: The issue is related to the trim() function in the trim package, which is vulnerable to Regular Expression Denial of Service (ReDoS). A remote attacker can exploit it to cause a denial of service; the underlying weakness is uncontrolled resource consumption.
Recommendations: For versions prior to 0.0.3, update to version 0.0.3 or later. For the other affected versions there is currently no information about a release that contains a fix. As a temporary workaround, consider disabling the trim() function until a patch is available.
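The two recommendations above in code, as an added example that is not the trim package's own code or part of this record: a linear-scan trim that a project can substitute for the regex-based trim() while it is disabled, and a check that flags trim entries below 0.0.3 in an npm-style lockfile. The lockfile shape (a "packages" map keyed by node_modules path) and the sample lockfile are assumptions constructed for the example.

```javascript
// Drop-in trim that never backtracks: each character is tested once with a
// single-character class, so cost is linear in the input length regardless
// of how much leading or trailing whitespace the caller controls.
// Whitespace set mirrors ECMAScript String.prototype.trim() (assumption).
const WS = /[\s\uFEFF\xA0]/;

function safeTrim(str) {
  let start = 0;
  let end = str.length;
  while (start < end && WS.test(str[start])) start++;
  while (end > start && WS.test(str[end - 1])) end--;
  return str.slice(start, end);
}

// Numeric dotted-version parse; strips a leading range marker (^, ~, =, v).
function parseVersion(v) {
  return v.replace(/^[\^~=v]/, '').split('.').map((n) => parseInt(n, 10) || 0);
}

// Affected range from the advisory: trim versions prior to 0.0.3.
function isVulnerableTrimVersion(version) {
  const [major, minor, patch] = parseVersion(version);
  return major === 0 && minor === 0 && patch < 3;
}

// Walk an npm-style lockfile (assumed shape: { packages: { "<path>": { version } } })
// and report every nested or top-level copy of trim in the affected range.
function findVulnerableTrim(lockfile) {
  const hits = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    const isTrim = path === 'node_modules/trim' || path.endsWith('/node_modules/trim');
    if (isTrim && meta && typeof meta.version === 'string' && isVulnerableTrimVersion(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: one vulnerable top-level copy, one fixed nested copy.
const SAMPLE_LOCK = {
  packages: {
    'node_modules/trim': { version: '0.0.1' },
    'node_modules/some-dep/node_modules/trim': { version: '0.0.3' },
  },
};

console.log(JSON.stringify(findVulnerableTrim(SAMPLE_LOCK)));
console.log(JSON.stringify(safeTrim('  \t hello world \n')));
```
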

Exploit

DoS

Resource Exhaustion


Weakness Enumeration

Related Identifiers

BDU:2024-02583
CVE-2020-7753
GHSA-W5P7-H5W8-2HFQ
OPENSUSE-SU-2024:12723-1
SNYK-JAVA-ORGWEBJARSNPM-1022132
SNYK-JS-TRIM-1017038
SUSE-RU-2024:0511-1
SUSE-SU-2023:2575-1
SUSE-SU-2023:2578-1
SUSE-SU-2023:2579-1
SUSE-SU-2023_2578-1
SUSE-SU-2024:0191-1
SUSE-SU-2024:0196-1
SUSE-SU-2024:0486-1
SUSE-SU-2024:0487-1

Affected Products

Red Os
Suse
Trim