Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Regular Expression Denial of Service (ReDoS) vulnerability in nth-check #1031

Open
camgrimsec opened this issue Mar 31, 2024 · 0 comments
Open

Comments

@camgrimsec
Copy link

Introduction:
This issue highlights a vulnerability in the nth-check package, specifically related to Regular Expression Denial of Service (ReDoS). This vulnerability is identified with a CVSS score of 7.5 (High Severity) by both Snyk and NVD.

Details:
The vulnerability is introduced through @tryghost/[email protected] and affects versions of nth-check prior to 2.0.1.

Exploit Maturity:
The exploit maturity is identified as Proof of Concept.

Detailed Paths:

Introduced through: @tryghost/[email protected] › @tryghost/[email protected] › @tryghost/[email protected][email protected][email protected][email protected]

Security Information:

Snyk: CVSS 7.5 - High Severity
NVD: CVSS 7.5 - High Severity

Overview:
nth-check is a library used for parsing CSS nth-child expressions.

Vulnerability Description:
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when parsing crafted invalid CSS nth-checks. This vulnerability is due to the sub-pattern \s*(?:([+-]?)\s*(\d+))? in RE_NTH_ELEMENT with quantified overlapping adjacency. An attacker can exploit this by providing a specially crafted input, leading to excessive backtracking during regex processing, which may result in a denial of service condition.

Remediation:
Upgrade to version 2.0.1 or later of nth-check to fix this vulnerability. Unfortunately, there is no remediation path available for previous versions.

Proposed Changes:
Update the dependency on nth-check to version 2.0.1 or later in the package.json file.

Testing:
After updating the dependency, ensure that all existing functionality continues to work as expected. Perform thorough testing to verify that the vulnerability has been mitigated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant