Seal Security

CVE-2021-33623

Uncontrolled Resource Consumption in trim-newlines

@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the `.end()` method.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

7.5

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Versions

trim-newlines < 3.0.1; trim-newlines >= 4.0.0 < 4.0.1

Severity

High

Ecosystem

JavaScript

Publish Date

June 7, 2021

Modified Date

November 7, 2023