The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.
References
Link | Resource |
---|---|
https://github.com/denosaurs/emoji/pull/11 | Patch |
https://github.com/denosaurs/emoji/security/advisories/GHSA-w2xx-hjhp-gx5v | Vendor Advisory |
https://huntr.dev/bounties/444f2255-5085-466f-ba0e-5549fa8846a3/ | Exploit |
Configurations
History
08 May 2023, 17:41
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:denosaurs:emoji:*:*:*:*:*:*:*:* | |
References | (MISC) https://huntr.dev/bounties/444f2255-5085-466f-ba0e-5549fa8846a3/ - Exploit | |
References | (MISC) https://github.com/denosaurs/emoji/pull/11 - Patch | |
References | (MISC) https://github.com/denosaurs/emoji/security/advisories/GHSA-w2xx-hjhp-gx5v - Vendor Advisory |
28 Apr 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-28 21:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-30858
Mitre link : CVE-2023-30858
CVE.ORG link : CVE-2023-30858
JSON object : View
Products Affected
denosaurs
- emoji
CWE
CWE-1333
Inefficient Regular Expression Complexity