PT-2022-11325 · Unknown · Split-Html-To-Chars
Published
2022-06-27
·
Updated
2023-08-08
·
CVE-2021-40897
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
split-html-to-chars version 1.0.5
Description
A Regular Expression Denial of Service (ReDOS) issue was found in the software when it processes crafted invalid HTML. This occurs due to inefficient regular expression patterns that can lead to excessive resource consumption, causing a denial of service.
Recommendations
For split-html-to-chars version 1.0.5, consider updating to a newer version that addresses this issue, as the current version is affected by the ReDOS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Split-Html-To-Chars