Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2021-0638
Good to know:
Date: September 18, 2021
There is regular Expression Denial of Service (ReDoS) vulnerability in mocha. It allows cause a denial of service when stripping crafted invalid function definition from strs.
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Inefficient Regular Expression Complexity
CWE-1333Top Fix
Upgrade Version
Upgrade to version NewPlatform.Flexberry.Designer.EmberCache - no_fix;zurb/foundation - v6.4.0-rc2;zurb/foundation - v6.0.4;zurb/foundation - v6.3-rc1;zurb/foundation - v6.2.0-rc.1;zurb/foundation - v6.1.0;zurb/foundation - v6.4.4-rc1;zurb/foundation - v6.0.1;zurb/foundation - v6.2.0;zurb/foundation - v6.0.6;zurb/foundation - dev-master;zurb/foundation - v6.1.1;zurb/foundation - v6.0.3;zurb/foundation - dev-dependabot/npm_and_yarn/ssri-6.0.2;zurb/foundation - dev-feature/update-customizer;zurb/foundation - dev-fix/12142-label-middle-align-with-input;zurb/foundation - v6.2.1;zurb/foundation - v3.0.0;zurb/foundation - v6.0.5;zurb/foundation - v6.4.0-rc5;zurb/foundation - v6.0.0;zurb/foundation - v6.1.2;maslosoft/binder - no_fix;maslosoft/binder - 0.0.1;maslosoft/binder - 2.0.7;piwik/piwik - 3.2.0-b4;piwik/piwik - 3.6.1;piwik/piwik - dev-dev-13900;piwik/piwik - 3.9.0;piwik/piwik - dev-prefix-monolog-syslog;piwik/piwik - 3.9.0-rc1;piwik/piwik - 3.12.0-b2;piwik/piwik - 3.0.3-rc1;piwik/piwik - 3.2.0;piwik/piwik - 3.0.1-b2;piwik/piwik - dev-providerremoval;piwik/piwik - 3.0.0-b5;piwik/piwik - 3.9.0-b2;piwik/piwik - 3.3.0-rc1;piwik/piwik - dev-gmdateint;piwik/piwik - 3.0.2-b1;piwik/piwik - 3.3.0-b1;piwik/piwik - 3.8.0-rc1;piwik/piwik - 3.0.2-rc1;piwik/piwik - dev-angular-migration2;piwik/piwik - 3.8.1-rc1;piwik/piwik - 3.0.5-b1;piwik/piwik - 3.11.0-rc2;piwik/piwik - 3.5.0-b1;piwik/piwik - dev-dev-14211;piwik/piwik - 3.10.0.x-dev;piwik/piwik - 3.1.1-b3;piwik/piwik - 3.11.0-b2;piwik/piwik - dev-fix14370;yiixwom/yii-xwom - no_fix;yiixwom/yii-xwom - v0.1.2;yiixwom/yii-xwom - 1.0.6;enhavo/assets-bundle - no_fix;foundation/foundation-sites - dev-feature/update-customizer;foundation/foundation-sites - no_fix;foundation/foundation-sites - dev-master;foundation/foundation-sites - dev-dependabot/npm_and_yarn/nanoid-3.2.0;foundation/foundation-sites - v6.2.4-rc1;foundation/foundation-sites - v6.3.0;foundation/foundation-sites - v6.5.0-rc.1;doccano - 1.4.1;matomo/matomo - 3.10.0.x-dev;matomo/matomo - dev-fix14370;matomo/matomo - dev-providerremoval;matomo/matomo - dev-prefix-monolog-syslog;matomo/matomo - 3.12.0-rc1;matomo/matomo - dev-3.x-dev;matomo/matomo - dev-dev-13900;matomo/matomo - dev-gmdateint;matomo/matomo - dev-angular-migration2;matomo/matomo - 3.12.0-b2;matomo/matomo - dev-dev-14211;hkvstore/richfilemanager - v2.8.1;hkvstore/richfilemanager - no_fix;enhavo/enhavo - 0.7.x-dev;enhavo/enhavo - 0.6;baijunyao/laravel-bjyadmin - 5.1.x-dev;baijunyao/laravel-bjyadmin - no_fix;baijunyao/laravel-bjyadmin - v1.0.0;claudiusnascimento/gentelelladashboard - no_fix;ramphor/filter-form - no_fix;OctoWeb01 - no_fix;baijunyao/laravel-bjyblog - dev-dependabot/npm_and_yarn/dns-packet-1.3.4;baijunyao/laravel-bjyblog - dev-dependabot/npm_and_yarn/minimist-1.2.6;baijunyao/laravel-bjyblog - v5.5.9.1;baijunyao/laravel-bjyblog - v5.5.6.1;baijunyao/laravel-bjyblog - dev-dependabot/composer/composer/composer-1.10.22;laraflat/laraflat - no_fix;mocha - 3.0.0-0;mocha - 6.0.0-0;mocha - 10.1.0;valeriy-brunov/webcomponent - 1.0.1;valeriy-brunov/webcomponent - no_fix;pframe/phalcon-clear - no_fix;tensorflow - 0.8.0;lamarques/framework - no_fix;lamarques/framework - v0.1-dev;lamarques/framework - dev-issue#1;marabesi/easy-crud - no_fix;ikodota/laravel-discover - v1.0.1;ikodota/laravel-discover - no_fix;ariiportal/symfony-arii-edition - no_fix;ariiportal/symfony-arii-edition - dev-master;thangbeo/menu - no_fix;dekuan/vdata - 1.0;dekuan/vdata - no_fix;Bundler - 1.1.31;oburatongoi/productivity - no_fix;oburatongoi/productivity - 0.0.1;asminog/nemo-travel-frontend - v0.0.22;asminog/nemo-travel-frontend - no_fix;nicolaecasir/agenti - no_fix;cognitus/richfilemanager - no_fix;jsdom - 11.11.0;mfcc/skeleton-application - zf/release-2.0.0beta1;restaurare/ewlist - no_fix;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;datht/language - no_fix;codtail/admin-suit - no_fix;OctoWeb - no_fix;cupboard/core - no_fix;eftec/gentelella-bladeone - no_fix;blueimp/jquery-file-upload - v10.32.0;douggonsouza/gentelela - no_fix;douggonsouza/gentelela - 1.0.0;fidpro/builder - no_fix;jjsoft-ar/siges-ui - 1.0.0;jjsoft-ar/siges-ui - no_fix;native-network/example-open-social-composer - no_fix;native-network/example-open-social-composer - dev-dependabot/npm_and_yarn/web/libraries/diff/ini-1.3.7;Fable.Library.Template - no_fix;thangbeo/languages - no_fix;rndwiga/ui-gentella - no_fix;Inferno.Bunyan - no_fix;ioext/vdata - no_fix;ioext/vdata - 1.0.0;yivic/yivic-elce - no_fix;servocoder/richfilemanager - no_fix;diamondphp/diamondphp - no_fix;limefamily/yii2-limetheme - 1.0.12;gtdxyz/suda - 5.2.0;gtdxyz/suda - 5.0;MetaAuth - no_fix;clem44/slim-starterkit - no_fix;mazguhin/smans - v0.1.0;ourgapps/gentelella - no_fix;douggonsouza/imwvg - no_fix;maslosoft/balin - 0.0.1;maslosoft/balin - 2.0.7;maslosoft/balin - no_fix;douggonsouza/discovery - v1.0.0;douggonsouza/discovery - no_fix;krzysiekpiasecki/gentelella - no_fix;atha/ci-rest-server - no_fix;vinsofts/translates - no_fix;Raml.Parser - 1.0.7;phamanhtu/translate - no_fix;douggonsouza/amazonita - no_fix;triawarman/yii2-richfilemanager - v0.1;livecms/core - dev-master;Chutzpah - 4.2.4;jasonbrady/joyride - 1.0.2;svg2png - no_fix;osfed/l4crud - no_fix;adamstyperek/base.symfony.crud - no_fix;org.webjars.npm:blueimp-canvas-to-blob:3.6.0;org.webjars.npm:webcomponents.js:no_fix;org.webjars:mocha:no_fix;org.webjars.bower:es6-promise:3.3.1;org.webjars.npm:mocha:10.2.0;org.webjars.bowergithub.olivernn:lunr.js:no_fix;org.webjars.npm:lunr:no_fix;org.webjars.bower:parsleyjs:no_fix;org.webjars.bower:parsleyjs:2.5.0;org.webjars.bower:parsleyjs:2.7.2;org.webjars.bower:blueimp-load-image:no_fix;org.webjars.bower:blueimp-load-image:2.6.0;org.webjars.bower:blueimp-load-image:2.6.2;org.webjars.npm:foundation-sites:6.2.0;org.webjars.npm:gentelella:no_fix;org.webjars.bowergithub.bigskysoftware:_hyperscript:no_fix;org.webjars.bower:blueimp-file-upload:no_fix;org.webjars.bowergithub.travist:jsencrypt:no_fix;org.webjars.bowergithub.faan11:app-localstorage-tidy-string:no_fix;org.webjars.bowergithub.blueimp:jquery-file-upload:no_fix;org.webjars:browser-sync:no_fix;org.webjars.bower:messageformat:0.3.0-1;org.webjars.npm:loadjs:no_fix;org.webjars.bowergithub.bigskysoftware:htmx:no_fix;org.webjars.npm:localforage:1.10.0;org.webjars.npm:github-com-ujjwalguptaofficial-JsStore:no_fix;org.webjars.bower:gentelella:no_fix;org.webjars.npm:blueimp-md5:2.10.0;org.webjars.npm:polymer__polymer:3.0.5;org.webjars.bower:github-com-muicss-mui:no_fix;org.webjars.npm:parsleyjs:2.9.1;org.webjars.bowergithub.alex-saunders:sliding-pages:no_fix;org.webjars.bowergithub.blueimp:javascript-load-image:no_fix;org.webjars.bower:jsencrypt:no_fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |