Vulnerability CVE-2017-16116


Published: 2018-06-06   Modified: 2018-06-07

Description:
The string module provides extra string operations. It is vulnerable to regular expression denial of service (ReDoS) when specially crafted untrusted user input is passed into the underscore or unescapeHTML methods.

Type:
CWE-400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software:
String project -> String
Stringjs -> String

References:
https://github.com/jprichardson/string.js/issues/212
https://nodesecurity.io/advisories/536
