Moderate severityNVD Advisory· Published Mar 22, 2021· Updated Sep 16, 2024
Regular Expression Denial of Service (ReDoS)
CVE-2020-28501
Description
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
es6-crawler-detectnpm | < 3.1.3 | 3.1.3 |
Affected products
2- es6-crawler-detect/es6-crawler-detectdescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-jxg6-fhwc-9v9cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-28501ghsaADVISORY
- github.com/JefferyHus/es6-crawler-detect/pull/27ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-ES6CRAWLERDETECT-1051529ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.