CVE-2017-16117

{"id": "CVE-2017-16117", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-06-07T02:29:02.910", "references": [{"url": "https://github.com/dodo/node-slug/issues/82", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://nodesecurity.io/advisories/537", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://github.com/dodo/node-slug/issues/82", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://nodesecurity.io/advisories/537", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds."}, {"lang": "es", "value": "slug es un m\u00f3dulo para \"slugificar\" cadenas, incluso aunque contengan unicode. slug es vulnerable a una denegaci\u00f3n de servicio (DoS) por expresiones regulares si se pasan entradas no fiables especialmente manipuladas como entrada. Una cantidad aproximada de 50k caracteres pueden bloquear el bucle de eventos durante 2 segundos."}], "lastModified": "2024-11-21T03:15:51.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:slug_project:slug:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "B4A860E8-738F-47B1-8D22-44B57392F9F0", "versionEndIncluding": "0.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}