View all vulnerabilities

CVE-2024-27088

es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`

### ImpactPassing functions with very long names or complex default argument names into `function#copy` or`function#toStringTokens` may put script to stall### PatchesFixed with https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 and https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602Published with v0.10.63### WorkaroundsNo real workaround aside of refraining from using above utilities.### Referenceshttps://github.com/medikoo/es5-ext/issues/201

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
Score Vector
Affected Versions
es5-ext >= 0.10.0 < 0.10.63
Severity
Ecosystem
JavaScript
Publish Date
February 26, 2024
Modified Date
February 26, 2024