Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2020-26256
Good to know:
Date: December 8, 2020
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using ignoreEmpty option when parsing. This has been patched in "v4.3.6" You will only be affected by this if you use the "ignoreEmpty" parsing option. If you do use this option it is recommended that you upgrade to the latest version "v4.3.6" This vulnerability was found using a CodeQL query which identified "EMPTY_ROW_REGEXP" regular expression as vulnerable.
Language: TYPE_SCRIPT
Severity Score
Related Resources (13)
Severity Score
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400Top Fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | REQUIRED |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | MEDIUM |
| Authentication (AU): | SINGLE |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | PARTIAL |
| Additional information: |