CVE-2017-16115

Published June 7th, 2018

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

MEDIUM

Affected

PROJECT

Description

The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.

indexzero/TimeSpan.js

A JavaScript TimeSpan library for node.js (and soon the browser)

GitHub