Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`

Low

medikoo published GHSA-4gmj-3p3h-gm8h

Feb 26, 2024

Package

es5-ext (npm)

Affected versions

>= 0.10.0, < 0.10.63

Patched versions

0.10.63

Description

Impact

Passing functions with very long names or complex default argument names into function#copy orfunction#toStringTokens may put script to stall

Patches

Fixed with 3551cdd and a52e957
Published with v0.10.63

Workarounds

No real workaround aside of refraining from using above utilities.

References

Severity

Low

0.0

/ 10

CVSS base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

None

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N