Inefficient Regular Expression Complexity

CVE-2021-4299

Severity High
Score 7.5/10

Summary

A vulnerability classified as problematic was found in cronvel string-kit through 0.12.7. It affects the function "naturalSort" in the file "lib/naturalSort.js". The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 addresses this issue. The identifier of this vulnerability is VDB-217180.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
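
To check whether a project resolves a string-kit release in the affected range given in the summary (through 0.12.7, fixed in 0.12.8), the parsed npm lockfile can be scanned as below. This is an added example, not code from the advisory or from the string-kit project; the lockfile contents, the `example-dep` package and the function names are constructed for illustration.

```javascript
// Affected range from the advisory: string-kit through 0.12.7, fixed in 0.12.8.
const PACKAGE = 'string-kit';
const FIXED = [0, 12, 8];

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; the pattern is anchored and linear-time.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v));
  return m ? { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) } : null;
}

// true = below 0.12.8, false = 0.12.8 or later, null = version string not understood.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i]; // numeric, not string, compare
  }
  return p.pre; // a pre-release such as 0.12.8-rc.1 sorts before the 0.12.8 release
}

// Scan a parsed package-lock.json and report every affected or unreadable copy.
function findAffected(lock) {
  const hits = [];
  const check = (where, version) => {
    const a = isAffected(version);
    if (a !== false) hits.push({ where, version, status: a ? 'affected' : 'unparseable' });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path (nested copies included).
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const match = path === `node_modules/${PACKAGE}` || path.endsWith(`/node_modules/${PACKAGE}`);
    if (match) check(path, meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree; skipped when "packages" exists.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === PACKAGE) check(trail + name, meta.version);
      walk(meta.dependencies, `${trail}${name} > `);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile: a fixed top-level copy and a nested affected copy.
const sampleLock = { lockfileVersion: 3, packages: {
  'node_modules/string-kit': { version: '0.12.8' },
  'node_modules/example-dep/node_modules/string-kit': { version: '0.12.7' },
  'node_modules/not-string-kit': { version: '0.1.0' },
} };
console.log(findAffected(sampleLock));
```

A nested copy pinned by a transitive dependency is reported even when the top-level copy is already at 0.12.8, which is the case a direct-dependency check misses.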

Advisory Timeline

  • Published