Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Regular Expression Denial of Service (ReDoS) in jsx-slack
Vulnerability Description
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `<blockquote>` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
jsx-slack 安全漏洞
Vulnerability Description
jsx-slack是从JSX为Slack 块套件表面构建 JSON 对象。 jsx-slack 存在安全漏洞,该漏洞源于软件针对正则表达式缺少有效的处理和过滤,用户容易受到正则表达式拒绝服务(ReDoS)攻击。如果攻击者可利用该漏洞可以将大量JSX元素放入标记中,用于转义字符的内部正则表达式可能会消耗过多的计算资源。
CVSS Information
N/A
Vulnerability Type
N/A