GHSA-q75g-2496-mxpp

Source
https://github.com/advisories/GHSA-q75g-2496-mxpp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-q75g-2496-mxpp/GHSA-q75g-2496-mxpp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-q75g-2496-mxpp
Aliases
  • CVE-2017-16113
Published
2018-07-24T20:11:13Z
Modified
2023-11-08T03:59:05.586673Z
Summary
Regular Expression Denial of Service in parsejson
Details

Affected versions of parsejson are vulnerable to a regular expression denial of service when parsing untrusted user input.

Recommendation

The parsejson package has not been functionally updated since it was initially released.

Additionally, it provides functionality that is natively included in Node.js, so the native JSON.parse() should be used instead, for both performance and security reasons.

Database specific
{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-06-16T21:51:20Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "HIGH"
}

Affected packages

npm / parsejson

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
0.0.3

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-q75g-2496-mxpp/GHSA-q75g-2496-mxpp.json"