NPM-ESLINT-20180222 – eslint
Package
Manager: npm
Name: eslint
Vulnerable Version: >=1.4.0 <4.18.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Input 100k characters long can cause about 10 seconds of regular-expression matching time.
Metadata
Created:
Modified:
Source: MANUAL
CWE IDs: ["CWE-400"]
Alternative ID: N/A
Finding: F002
Auto approve: 1