es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`

Description

Passing functions with very long names or complex default argument names into function#copy orfunction#toStringTokens may put script to stall

Recommendation

Update the es5-ext package to the latest compatible version. Followings are version details:

• Affected version(s): >= 0.10.0, < 0.10.63
• Patched version(s): 0.10.63

References

• GHSA-4gmj-3p3h-gm8h
• CVE-2024-27088
• CWE-1333
• CAPEC-310
• OWASP 2021-A6

Related Issues

• angular vulnerable to regular expression denial of service via the angular.copy() utility - CVE-2023-26116
• Showdown vulnerable to Regular Expression Denial of Service (ReDoS) in link/anchor parsing - CVE-2024-1899
• steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments - CVE-2022-37262
• angular vulnerable to regular expression denial of service via the $resource service - CVE-2023-26117

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

es5-ext