Description
A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 can address this issue.
Recommendation
Update the string-kit package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.12.8
- Patched version(s): 0.12.8
References
Related Issues
- Vercel ms Inefficient Regular Expression Complexity vulnerability - CVE-2017-20162
- Axios is vulnerable to DoS attack through lack of data size check - CVE-2025-58754
- billboard.js allows prototype pollution via the function generate - CVE-2025-49223
- Parse Server's custom object ID allows to acquire role privileges - CVE-2024-47183
- Tags:
- npm
- string-kit
Anything's wrong? Let us know Last updated on February 03, 2023