CVE-2021-23425 – Regular Expression Denial of Service (ReDoS)
https://notcve.org/view.php?id=CVE-2021-23425
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.
A flaw was found in nodejs-trim-off-newlines. The highest threat from this vulnerability is to system availability.
• https://github.com/stevemao/trim-off-newlines/blob/master/index.js%23L6
• https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567197
• https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850
• https://access.redhat.com/security/cve/CVE-2021-23425
• https://bugzilla.redhat.com/show_bug.cgi?id=1995793
• CWE-400: Uncontrolled Resource Consumption
CVE-2021-33623 – nodejs-trim-newlines: ReDoS in .end() method
https://notcve.org/view.php?id=CVE-2021-33623
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
A flaw was found in nodejs-trim-newlines. Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
• https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1
• https://lists.debian.org/debian-lts-announce/2022/12/msg00033.html
• https://security.netapp.com/advisory/ntap-20210702-0007
• https://www.npmjs.com/package/trim-newlines
• https://access.redhat.com/security/cve/CVE-2021-33623
• https://bugzilla.redhat.com/show_bug.cgi?id=1966615
• CWE-400: Uncontrolled Resource Consumption