VYPR

npm package

jsx-slack

pkg:npm/jsx-slack

Vulnerabilities (2)

  • CVE-2021-43843Dec 20, 2021
    affected < 4.5.2fixed 4.5.2

    jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot

  • CVE-2021-43838Dec 17, 2021
    affected < 4.5.1fixed 4.5.1

    jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `` tag, an internal regular