CVE-2017-16117

Source
https://cve.org/CVERecord?id=CVE-2017-16117
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16117.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-16117
Aliases
Published
2018-06-07T02:29:02.910Z
Modified
2026-04-02T00:07:29.659516Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

slug is a module to slugify strings, even if they contain Unicode. slug is vulnerable to regular expression denial of service if specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds.

References

Affected packages

Git / github.com/dodo/node-slug

Affected ranges

Type
GIT
Repo
https://github.com/dodo/node-slug
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.1"
        }
    ]
}

Affected versions

0.*
0.1.0
0.2.0
0.2.1
0.2.2
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.4.0
0.4.1
0.4.2
0.5.0
0.6.0
0.7.0
0.7.1
0.8.0
0.9.0
0.9.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16117.json"