High severityNVD Advisory· Published Aug 29, 2022· Updated Apr 23, 2025

Possible Regular Expression Denial of Service (ReDoS) used on uncontrolled data in nitrado.js

CVE-2022-36034

Description

nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of {{ and with many repetitions of {{|. This issue has been patched in all versions above 0.2.5. There are currently no known workarounds.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
nitrado.jsnpm	< 0.2.5	0.2.5

Affected products

Cainthebest/Nitrado.jsv5
Range: < 0.2.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-vqc4-v8hc-h2jgghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-36034ghsaADVISORY
github.com/cainthebest/nitrado.js/blob/v0.2.5/CHANGELOG.mdghsax_refsource_MISCWEB
github.com/cainthebest/nitrado.js/security/advisories/GHSA-vqc4-v8hc-h2jgghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000