Uploaded image for project: 'Nuxeo Web UI'
  1. Nuxeo Web UI
  2. WEBUI-1526

[YARGS-PARSER] SRCCLR-SID-31414 | Unknown

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Web UI

      Description

      SRCCLR-SID-31414 | Unknown

      Severity : Medium

      yargs-parser is vulnerable to Regular Expression Denial of Service (ReDoS). The `isUnknownOption` function in `yargs-parser.ts` does not properly replace `-` characters from parse, allowing a malicious user to slow down or hang the application when unknown-options-as-args is set to true.

      Module : yags-parser

      nuxeo-web-ui.zip#zip:node_modules:yargs-parser

      Current Version : 20.2.4

      Recommended Version : 20.2.9 to 21.1.1

       

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: