GHSA-68qg-g787-3rp5

Source

https://github.com/advisories/GHSA-68qg-g787-3rp5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-68qg-g787-3rp5/GHSA-68qg-g787-3rp5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-68qg-g787-3rp5

Aliases

CVE-2020-26306

Published

2024-10-26T21:30:46Z

Modified

2024-10-28T14:57:09.885595Z

Severity

6.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green CVSS Calculator

Summary

Knwl.js Regular Expression Denial of Service vulnerability

Details

Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.

Database specific

{
    "cwe_ids": [
        "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-28T14:50:17Z",
    "nvd_published_at": "2024-10-26T21:15:13Z",
    "severity": "MODERATE"
}

References

Affected packages

npm / knwl.js

Package

Name: knwl.js; View open source insights on deps.dev
Purl: pkg:npm/knwl.js

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.0.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-68qg-g787-3rp5/GHSA-68qg-g787-3rp5.json"