CVE-2017-16115
HIGH
timespan - Regular Expression Denial of Service via Untrusted User Input
Title source: llmDescription
The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.
References (2)
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/indexzero/TimeSpan.js/issues/10
Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/533
Scores
CVSS v3
7.5
EPSS
0.0150
EPSS Percentile
71.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (2)
npm/timespan
0npm
timespan_project/timespan
Published
Jun 07, 2018
Tracked Since
Feb 18, 2026