CVE-2021-23429

MEDIUM

Transpile - Improper Exception Handling

Title source: rule

Description

All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function.

References (2)

[Broken Link] https://github.com/stealjs/transpile/blob/56aaeb26f69496e45a60c03dc92653d53021d4ac/main.js%23L53

[Exploit, Third Party Advisory] https://snyk.io/vuln/SNYK-JS-TRANSPILE-1290774

Scores

CVSS v3 6.5

EPSS 0.0029

EPSS Percentile 51.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-755

Status published

Affected Products (2)

transpile_project/transpile

npm/transpile npm

Timeline

Published Aug 24, 2021

Tracked Since Feb 18, 2026