VYPR
Moderate severity · NVD Advisory · Published Feb 8, 2023 · Updated Mar 10, 2025

Regular Expression Denial of Service (ReDoS) Vulnerability

CVE-2023-25166

Description

formula is a math and string formula parser. In versions prior to 3.0.1, crafted user-provided strings passed to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| @sideway/formula (npm) | < 3.0.1 | 3.0.1 |
