CVE-2017-16099

HIGH

no-case < 2.3.2 - Denial of Service via Regular Expression

Title source: llm
STIX 2.1

Description

The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/blakeembrey/no-case/issues/17
Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/529

Scores

CVSS v3 7.5
EPSS 0.0158
EPSS Percentile 72.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (2)
no-case_project/no-case < 2.3.2
npm/no-case 0 - 2.3.2npm
Published Jun 07, 2018
Tracked Since Feb 18, 2026