{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32454?format=json","vulnerability_id":"VCID-9eyp-2a6k-xya4","summary":"Regular Expression Denial of Service in Acorn\nAffected versions of acorn are vulnerable to Regular Expression Denial of Service.\nA regex of the form /[x-\\ud800]/u causes the parser to enter an infinite loop.\nThe string is not valid UTF-16, so it is usually sanitized before it reaches the parser.\nIf an application processes untrusted input and passes it directly to acorn,\nattackers may leverage the vulnerability to cause a Denial of Service.","aliases":[{"alias":"GHSA-6chw-6frg-f759"},{"alias":"GMS-2020-702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72702?format=json","purl":"pkg:npm/acorn@5.7.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/72703?format=json","purl":"pkg:npm/acorn@6.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/72704?format=json","purl":"pkg:npm/acorn@7.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@7.1.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/142321?format=json","purl":"pkg:npm/acorn@5.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/573747?format=json","purl":"pkg:npm/acorn@5.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://publi
c2.vulnerablecode.io/packages/pkg:npm/acorn@5.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/573748?format=json","purl":"pkg:npm/acorn@5.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/573749?format=json","purl":"pkg:npm/acorn@5.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/573750?format=json","purl":"pkg:npm/acorn@5.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/573751?format=json","purl":"pkg:npm/acorn@5.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/573752?format=json","purl":"pkg:npm/acorn@5.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/573753?format=json","purl":"pkg:npm/acorn@5.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.7.0"},{"url":"http://public2.vulnerablecode.io/api/package
s/573754?format=json","purl":"pkg:npm/acorn@5.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/573755?format=json","purl":"pkg:npm/acorn@5.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/573756?format=json","purl":"pkg:npm/acorn@5.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/142297?format=json","purl":"pkg:npm/acorn@6.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4t4e-47cq-2ffx"},{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/573758?format=json","purl":"pkg:npm/acorn@6.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/573759?format=json","purl":"pkg:npm/acorn@6.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/573760?format=json","purl":"pkg:npm/acorn@6.0.3","is_vulnerabl
e":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/573761?format=json","purl":"pkg:npm/acorn@6.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/573762?format=json","purl":"pkg:npm/acorn@6.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/573763?format=json","purl":"pkg:npm/acorn@6.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/573764?format=json","purl":"pkg:npm/acorn@6.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/573765?format=json","purl":"pkg:npm/acorn@6.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/573766?format=json","purl":"pkg:npm/acorn@6.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-zn
j9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/573767?format=json","purl":"pkg:npm/acorn@6.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/573768?format=json","purl":"pkg:npm/acorn@6.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/573769?format=json","purl":"pkg:npm/acorn@6.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/573770?format=json","purl":"pkg:npm/acorn@6.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/142296?format=json","purl":"pkg:npm/acorn@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4t4e-47cq-2ffx"},{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/acorn@7.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/573757?format=json","purl":"pkg:npm/acorn@7.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9eyp-2a6k-xya4"},{"vulnerability":"VCID-znj9-9zem-s3c9"}],"resource_url":"http://public2.vulnerablecode.io
/packages/pkg:npm/acorn@7.1.0"}],"references":[{"reference_url":"https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802"},{"reference_url":"https://github.com/acornjs/acorn/issues/929","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/acornjs/acorn/issues/929"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-ACORN-559469","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-ACORN-559469"},{"reference_url":"https://www.npmjs.com/advisories/1488","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1488"}],"weaknesses":[{"cwe_id":400,"name":"Uncontrolled Resource Consumption","description":"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the 
OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9eyp-2a6k-xya4"}