adaltas/node-printf
GitHub
Releases24
Frequency5 months 6 days
Last Release
Stars90
Write formatted data (complete implementation of printf and sprintf) in Node.js
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 5.3 MEDIUM | 5 MEDIUM | ||
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity. | |||