CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-29059 – nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string
https://notcve.org/view.php?id=CVE-2021-29059
21 Jun 2021 — A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. Se ha descubierto una vulnerabilidad en las versiones 2.1.0 a 4.2.2 e inferiores de IS-SVG en la que se produce una denegación de servicio por expresión regular (ReDOS) si se proporciona la aplicación y se comprueba una cadena SVG no válida elaborada. A flaw was found in IS-SVG where a Regular Expression ... • https://github.com/sindresorhus/is-svg/releases/tag/v4.3.0 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28092 – nodejs-is-svg: ReDoS via malicious string
https://notcve.org/view.php?id=CVE-2021-28092
12 Mar 2021 — The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. El paquete is-svg versiones 2.1.0 hasta 4.2.1 para Node.js, usa una expresión regular que es vulnerable a una Denegación de Servicio de Expresión Regular (ReDoS). Si un atacante proporciona una cadena maliciosa, is-svg se bloqueará al procesar la entrad... • https://github.com/sindresorhus/is-svg/releases • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •