regular expression denial of service (ReDoS)
High severity | GitHub Reviewed | Published Dec 24, 2020 in knowledgecode/date-and-time | Updated Feb 1, 2023
Reviewed: Dec 24, 2020
Published to the GitHub Advisory Database: Dec 24, 2020
Published by the National Vulnerability Database: Dec 28, 2020
Last updated: Feb 1, 2023
Description
date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there is a regular expression involved in parsing which can be exploited to cause a denial of service. This is fixed in version 0.14.2.
References