PT-2021-17444 · Npm · @Progfay/Scrapbox-Parser

Progfay · Published 2021-02-19 · Updated 2021-03-30 · CVE-2021-27405

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

@progfay/scrapbox-parser versions prior to 6.0.3
@progfay/scrapbox-parser versions prior to 7.0.2

Description

A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package for Node.js. This issue allows an attacker to cause the application to consume an excessive amount of CPU by parsing specially crafted text.

Recommendations

For versions prior to 6.0.3, upgrade to version 6.0.3 or later. For versions prior to 7.0.2, upgrade to version 7.0.2 or later. As a temporary workaround, avoid parsing text with a lot of [ characters to minimize the risk of exploitation.
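Added example (not part of the original advisory or the project's code): a Node.js check that walks an npm lockfile and reports installed copies of @progfay/scrapbox-parser that fall in the affected ranges. It assumes the two ranges above mean 7.x before 7.0.2 and everything older before 6.0.3; the helper names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag lockfile entries of @progfay/scrapbox-parser that fall in
// the affected ranges stated in this advisory.
const PKG = "@progfay/scrapbox-parser";

// Parse "major.minor.patch"; pre-release/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric comparison of two [major, minor, patch] triples.
function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Assumed reading of the advisory: 7.x is fixed in 7.0.2, older lines in 6.0.3.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null; // unrecognised version string: needs manual review
  if (v[0] >= 7) return lessThan(v, [7, 0, 2]);
  return lessThan(v, [6, 0, 3]);
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3).
// Entries with an unparseable version are reported too, so they get reviewed.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PKG) && isAffected(meta.version) !== false) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile, not taken from a real project.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/@progfay/scrapbox-parser": { version: "7.0.1" },
  "node_modules/a/node_modules/@progfay/scrapbox-parser": { version: "6.0.3" },
  "node_modules/b/node_modules/@progfay/scrapbox-parser": { version: "5.2.0" },
}};

console.log(findAffected(sampleLock));
```

Nested paths are included because a transitive copy of the parser is just as reachable by untrusted text as a direct dependency.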

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2021-27405
GHSA-9FHW-R42P-5C7R

Affected Products

@Progfay/Scrapbox-Parser