CVE-2017-16115

Summary

The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.

Affected Software

VendorProductVersion RangeStatus
HackerOnetimespan node moduleAll versionsaffected

Weaknesses

  • CWE-400: Denial of Service (CWE-400)

ADP Enrichment

CVE Program Container

Additional References

References