Moderate severityNVD Advisory· Published Feb 8, 2023· Updated Mar 10, 2025
Regular Expression Denial of Service (ReDoS) Vulnerability
CVE-2023-25166
Description
formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@sideway/formulanpm | < 3.0.1 | 3.0.1 |
Affected products
2- hapijs/formulav5Range: < 3.0.1
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-c2jc-4fpr-4vhgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-25166ghsaADVISORY
- github.com/hapijs/formula/commit/9fbc20a02d75ae809c37a610a57802cd1b41b3feghsax_refsource_MISCWEB
- github.com/hapijs/formula/security/advisories/GHSA-c2jc-4fpr-4vhgghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.