Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
parse-duraton vulnerable to Regex Denial of Service that results in event loop delay and out of memory
Vulnerability Description
parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to ~50ms per one operation, with a varying size from 0.01 MB and up to 4.3 MB respectively, and an out of memory that would crash a running Node.js application due to a string size of roughly 10 MB that utilizes unicode characters. Version 2.1.3 contains a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
CWE-1333
Vulnerability Title
parse-duration 安全漏洞
Vulnerability Description
parse-duration是Jake Rosoman个人开发者的一个将可读的持续时间转换为毫秒的应用程序。 parse-duration 2.1.3版本之前存在安全漏洞,该漏洞源于在解析字符串时的CPU密集型操作,可能导致事件循环延迟。
CVSS Information
N/A
Vulnerability Type
N/A