Vulnerability Details CVE-2023-30858
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.8%
CVSS Severity
CVSS v3 Score 5.3
References
- https://github.com/denosaurs/emoji/pull/11
- https://github.com/denosaurs/emoji/security/advisories/GHSA-w2xx-hjhp-gx5v
- https://huntr.dev/bounties/444f2255-5085-466f-ba0e-5549fa8846a3/
- https://github.com/denosaurs/emoji/pull/11
- https://github.com/denosaurs/emoji/security/advisories/GHSA-w2xx-hjhp-gx5v
- https://huntr.dev/bounties/444f2255-5085-466f-ba0e-5549fa8846a3/
Products affected by CVE-2023-30858
-
cpe:2.3:a:denosaurs:emoji:0.1.0
-
cpe:2.3:a:denosaurs:emoji:0.1.1
-
cpe:2.3:a:denosaurs:emoji:0.1.2
-
cpe:2.3:a:denosaurs:emoji:0.2.0
-
cpe:2.3:a:denosaurs:emoji:0.2.1