David Worms

2 exploits Active since Oct 2019
CVE-2019-17592 WRITEUP HIGH WRITEUP
csv-parse < 4.4.6 - Regular Expression Denial of Service via __isInt Function
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.
CVSS 7.5
CVE-2021-28860 WRITEUP CRITICAL WRITEUP
mixme < 0.5.1 - Prototype Pollution via __proto__ in mutate() and merge()
In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).
CVSS 9.1