You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Affected versions of acorn are vulnerable to Regular Expression Denial of Service.
A regex in the form of /[x-\ud800]/u causes the parser to enter an infinite loop.
The string is not valid UTF16 which usually results in it being sanitized before reaching the parser.
If an application processes untrusted input and passes it directly to acorn,
attackers may leverage the vulnerability leading to Denial of Service.
Remediation
Upgrade acorn to version 6.4.1 or later. For example:
"dependencies": {
"acorn": ">=6.4.1"
}
or…
"devDependencies": {
"acorn": ">=6.4.1"
}
Always verify the validity and compatibility of suggestions with your codebase.
The text was updated successfully, but these errors were encountered:
Details
GHSA-6chw-6frg-f759
moderate severity
Vulnerable versions: >= 6.0.0, < 6.4.1
Patched version: 6.4.1
Affected versions of acorn are vulnerable to Regular Expression Denial of Service.
A regex in the form of /[x-\ud800]/u causes the parser to enter an infinite loop.
The string is not valid UTF16 which usually results in it being sanitized before reaching the parser.
If an application processes untrusted input and passes it directly to acorn,
attackers may leverage the vulnerability leading to Denial of Service.
Remediation
Upgrade acorn to version 6.4.1 or later. For example:
or…
Always verify the validity and compatibility of suggestions with your codebase.
The text was updated successfully, but these errors were encountered: