Regular Expression Denial of Service (ReDoS)
Affecting uc.micro package, versions <=1.0.0
Report new vulnerabilities
Do your applications use this vulnerable package?
Test your applications
Overview
The uc.micro is a Micro subset of unicode data files for markdown-it projects. Affected versions of this package are at risk of a Regular expression Denial of Service attack.
Remediation
Update uc.micro
to version 1.0.1 or greater.
References
CVSS Score
3.7
low severity
-
Attack VectorNetwork
-
Attack ComplexityHigh
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityNone
-
IntegrityNone
-
AvailabilityLow
- Credit
- Vitaly Puzrin
- CWE
- CWE-400
- Snyk ID
- npm:uc.micro:20160530
- Disclosed
- 30 May, 2016
- Published
- 06 Oct, 2016