One Article Review

The article:
Source CVE List
Identifier 3835546
Publication date 2021-12-20 22:15:07 (seen: 2021-12-21 00:06:26)
Title CVE-2021-43843
Text jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found that the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements into a `` tag _including multibyte characters_, an internal regular expression for escaping characters may consume an excessive amount of computing resources. v4.5.1 passes the test against ASCII characters but misses the case of multibyte characters. jsx-slack v4.5.2 has updated regular expressions for escaping blockquote characters to prevent catastrophic backtracking. It also includes an updated test case to confirm rendering multiple tags in `` with multibyte characters.
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to a previous one.