VYPR

npm package

printf

pkg:npm/printf

Vulnerabilities (1)

  • CVE-2021-23354 (Mar 12, 2021)
    affected < 0.6.1; fixed 0.6.1

    The package printf before 0.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic wor