Description
A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 can address this issue.
Recommendation
Update the string-kit package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.12.8
- Patched version(s): 0.12.8
References
Related Issues
- axios Inefficient Regular Expression Complexity vulnerability - CVE-2021-3749
- steal Inefficient Regular Expression Complexity vulnerability via string variable - CVE-2022-37259
- Inefficient Regular Expression Complexity in vuelidate - CVE-2021-3794
- Inefficient Regular Expression Complexity in handsontable - CVE-2021-23446
- Tags:
- npm
- string-kit
Anything's wrong? Let us know Last updated on February 03, 2023