Vulnerability Information
Vulnerability Title
Inefficient Regular Expression Complexity in get-func-name
Vulnerability Description
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. The vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. It can be triggered using the following input: `'\t'.repeat(54773) + '\t/function/i'`. This issue has been addressed in commit `f934b228b`, which is included in releases from 2.0.1 onward. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Vulnerability Type
Uncontrolled Resource Consumption (Resource Exhaustion)
Vulnerability Title
get-func-name security vulnerability
Vulnerability Description
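get-func-name is an open-source module from Chaijs for retrieving a function's name securely and consistently in NodeJS and the browser. Versions of get-func-name prior to 2.0.1 contain a security vulnerability that stems from a regular expression denial of service (ReDoS) flaw, which may lead to a denial of service when parsing malicious input.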
CVSS Information
N/A
Vulnerability Type
N/A