Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-16117

Good to know:

icon
icon

Date: April 25, 2018

slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds.

Language: JS

Severity Score

Related Resources (4)

https://nvd.nist.gov/vuln/detail/CVE-2017-16117
https://nodesecurity.io/advisories/537
https://github.com/dodo/node-slug/issues/82
https://www.mend.io/vulnerability-database/CVE-2017-16117

Severity Score

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

icon

Upgrade Version

Upgrade to version 0.9.2

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): COMPLETE

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH
Additional information:

Do you need more information?

Contact Us