VYPR
Low severityNVD Advisory· Published Feb 26, 2024· Updated Aug 9, 2024

es5-ext Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`

CVE-2024-27088

Description

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into function#copy or function#toStringTokens may cause the script to stall. The vulnerability is patched in v0.10.63.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
es5-extnpm
>= 0.10.0, < 0.10.630.10.63

Affected products

1

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.