Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2017-3772

Good to know:

icon
icon

Date: September 8, 2017

Regular Expression Denial of Service (ReDoS) vulnerability was found in underscore.string 2.4.0 through 3.3.5.

Language: JS

Severity Score

Related Resources (2)

https://github.com/esamattis/underscore.string/issues/510
https://www.mend.io/vulnerability-database/WS-2017-3772

Severity Score

Weakness Type (CWE)

Incorrect Regular Expression

CWE-185

Top Fix

icon

Upgrade Version

Upgrade to version awesome-support/awesome-support - dev-issue/233;seidemann-web/wave-theme - dev-fixUpLanguageConstants;seidemann-web/wave-theme - no_fix;seidemann-web/wave-theme - dev-WT-36/Sticky-Header-Fixes;seidemann-web/wave-theme - dev-omage-theme;tribalsystems/zenario - 9.2.55826;tribalsystems/zenario - 7.0.2e;tribalsystems/zenario - 8.9.55141;tribalsystems/zenario - 9.0.55141;tribalsystems/zenario - 9.1.55143;tribalsystems/zenario - 9.5.x-dev;ymcatwincities/openy-cibox-vm - dev-snyk-fix-d3e304fdb18d8e743e047d064f2eeebe;ymcatwincities/openy-cibox-vm - dev-snyk-fix-84e446cbc8aa1506ed55902e1b08c080;ymcatwincities/openy-cibox-vm - dev-snyk-fix-45a393004964497d68443389076d755a;ymcatwincities/openy-cibox-vm - dev-snyk-fix-5c35a6fcce9a99be5f2075759c8a3425;ymcatwincities/openy-cibox-vm - no_fix;yivic/yivic-elce - no_fix;triawarman/yii2-richfilemanager - v0.1;xenomedia/xeno-base - 0.0.1;xenomedia/xeno-base - no_fix;tslint - 4.5.1;underscore.string - 3.3.6;oxid-esales/wave-theme - dev-oxscript-google-analytics;frankyframework/franky2 - no_fix;MIDIator.WebClient - 1.0.105;EntityFramework.LookupTables - 1.1.14.119;NewPlatform.Flexberry.Designer.EmberCache - no_fix;sombrerodepaja/franky-skeleton-application - no_fix;grunt - no_fix;limefamily/yii2-limetheme - 1.0.12;jsdom - 11.11.0;org.webjars.npm:underscore.string:no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us