Inefficient Regular Expression Complexity
CVE-2021-4299
Summary
A vulnerability classified as problematic was found in the cronvel string-kit through 0.12.7. This vulnerability affects the function "naturalSort" of the file "lib/naturalSort.js". The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 is able to address this issue. The identifier of this vulnerability is VDB-217180.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
References
Advisory Timeline
- Published