Regular Expression Denial of Service - nwmatcher

Description

A Regular Expression vulnerability was found in nwmatcher before 1.4.4. The fix replacing multiple repeated instances of the “\s*” pattern.

Recommendation

Update the nwmatcher package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.4.4
• Patched version(s): 1.4.4

References

• GHSA-6394-6h9h-cfjg
• CWE-400

Related Issues

• CommonRegexJS Regular Expression Denial of Service vulnerability - CVE-2020-26305
• Foundation Regular Expression Denial of Service vulnerability - CVE-2020-26304
• ua-parser-js Regular Expression Denial of Service vulnerability - CVE-2020-7793
• prismjs Regular Expression Denial of Service vulnerability - CVE-2021-3801

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

nwmatcher