Vulnerability Information
Vulnerability Title
Regular Expression Denial of Service (ReDoS)
Vulnerability Description
The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
N/A
Vulnerability Title
Worms David node-printf Security Vulnerability
Vulnerability Description
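Worms David node-printf is an open-source application from (Worms David). It is a complete implementation of the printf C function family for Node.js, written in pure JavaScript. node-printf before 0.6.1 has a security vulnerability that stems from its susceptibility to Regular Expression Denial of Service (ReDoS).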
CVSS Information
N/A
Vulnerability Type
N/A