Skip to content

Uncontrolled Resource Consumption in ansi-html

high severity Published Sep 2, 2021 • Updated Sep 7, 2021

Package

npm ansi-html (npm)

Affected versions

<= 0.0.7

Patched versions

None

Description

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.

References

CVE ID

CVE-2021-23424

CVSS Score

7.5 High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H