PT-2023-12403 · Unknown · Cronvel String-Kit
Published
2023-01-02
·
Updated
2024-05-17
·
CVE-2021-4299
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
cronvel string-kit versions up to 0.12.7
Description
A problematic issue was found in the
naturalSort function of the lib/naturalSort.js file, leading to inefficient regular expression complexity. The attack can be initiated remotely.Recommendations
For cronvel string-kit versions up to 0.12.7, upgrade to version 0.12.8 to address this issue. As a temporary workaround, consider restricting the use of the
naturalSort function until the patch is applied.Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cronvel String-Kit