Knwl.js Regular Expression Denial of Service vulnerability
Moderate severity
GitHub Reviewed
Published
Oct 26, 2024
to the GitHub Advisory Database
•
Updated Oct 28, 2024
Description
Published by the National Vulnerability Database
Oct 26, 2024
Published to the GitHub Advisory Database
Oct 26, 2024
Reviewed
Oct 28, 2024
Last updated
Oct 28, 2024
Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
References