Vulnerability Details CVE-2021-23425
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://github.com/stevemao/trim-off-newlines/blob/master/index.js%23L6
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567197
- https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850
- https://github.com/stevemao/trim-off-newlines/blob/master/index.js%23L6
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567197
- https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850
Products affected by CVE-2021-23425
-
cpe:2.3:a:trim-off-newlines_project:trim-off-newlines:1.0.0
-
cpe:2.3:a:trim-off-newlines_project:trim-off-newlines:1.0.1
-
cpe:2.3:a:trim-off-newlines_project:trim-off-newlines:1.0.2