Description
A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 can address this issue.
Recommendation
Update the string-kit package to the latest compatible version. Version details:
- Affected version(s): < 0.12.8
- Patched version(s): 0.12.8
Tags: npm, string-kit
Last updated on February 03, 2023