PT-2023-23014 · Unknown · Denosaurs Emoji Package

Leodog896 · Published 2023-04-28 · Updated 2023-05-08 · CVE-2023-30858

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Denosaurs emoji package versions 0.1.0 through 0.2.x

Description

The reTrimSpace regex in the Denosaurs emoji package has second-degree polynomial (quadratic) inefficiency, so a large payload leads to a delayed response. As a workaround, users can avoid the replace, unemojify, and strip functions to minimize the risk.

Recommendations

For Denosaurs emoji package versions 0.1.0 through 0.2.x, update to version 0.3.0 to resolve the issue. As a temporary workaround, avoid the replace, unemojify, and strip functions until the update is applied.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2023-30858
GHSA-W2XX-HJHP-GX5V

Affected Products

Denosaurs Emoji Package