CVE-2023-30858

CVSS V2 None CVSS V3 None

Description

The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.

Overview

CVE ID
CVE-2023-30858

Assigner
security-advisories@github.com

Vulnerability Status
Received

Published Version
2023-04-28T21:15:09

Last Modified Date
2023-04-28T21:15:09

Weakness Enumerations

CWE	URL
CWE-1333	http://cwe.mitre.org/data/definitions/1333.html

References

Reference URL	Reference Tags
https://github.com/denosaurs/emoji/pull/11
https://github.com/denosaurs/emoji/security/advisories/GHSA-w2xx-hjhp-gx5v
https://huntr.dev/bounties/444f2255-5085-466f-ba0e-5549fa8846a3/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-30858
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30858

History

Created	Old Value	New Value	Data Type	Notes
2023-04-28 22:01:04				Added to TrackCVE
2023-04-28 22:01:04			Weakness Enumeration	new