Search for packages
| purl | pkg:npm/acorn@6.0.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4t4e-47cq-2ffx
Aliases: GHSA-7fhm-mqm4-2wp7 |
Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) **Withdrawn** GitHub has withdrawn this advisory in place of GHSA-vh95-rmgr-6w4m and GHSA-6chw-6frg-f759. The reason for withdrawing is that some mistakes were made during the ingestion of CVE-2020-7598 which caused this advisory to be published with incorrect information. In order to provide accurate advisory information, new advisories were created: - minimist: https://github.com/advisories/GHSA-vh95-rmgr-6w4m - acorn: https://github.com/advisories/GHSA-6chw-6frg-f759 |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9eyp-2a6k-xya4
Aliases: GHSA-6chw-6frg-f759 GMS-2020-702 |
Regular Expression Denial of Service in Acorn Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /[x-\ud800]/u causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. If an application processes untrusted input and passes it directly to acorn, attackers may leverage the vulnerability leading to Denial of Service. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-znj9-9zem-s3c9
Aliases: GMS-2020-1 |
Regular Expression Denial of Service A regex in the form of `/[x-\ud800]/u` causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||