CVE-2023-25166
on github
Published
Severity
CVSS v3:
6.5 MEDIUM
CVSS v2:
N/A
Description
formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:hapi:formula:*:*:*:*:*:node.js:*:* | n/a | 3.0.1 | * |