Regular Expression Denial of Service (DoS)

Affecting uc.micro package, versions <=1.0.0

Overview

uc.micro is a micro subset of Unicode data files for markdown-it projects. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Remediation

Update uc.micro to version 1.0.1 or greater.

CVSS Score

3.7 (low severity)
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: Low
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Credit: Vitaly Puzrin
CWE: CWE-400
Snyk ID: npm:uc.micro:20160530
Disclosed: 30 May, 2016
Published: 06 Oct, 2016