The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HUglifyjs Project Uglifyjs
APPUglifyjs Project≤ 2.5.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Powiązane podatności
CVE-2022-37598CRITICAL9.8ten sam produkt
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variabl...
CVE-2015-8857CRITICAL9.8ten sam produkt
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewritin...