Fix CVE–2021–33623

[debricked]

CVE–2021–33623

Vulnerability details

Description

Uncontrolled Resource Consumption

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

GitHub

Uncontrolled Resource Consumption in trim-newlines

@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

NVD

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

CVSS details - 7.5

 

CVSS3 metrics
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity	None
Availability	High

References

    Uncontrolled Resource Consumption in trim-newlines · CVE-2021-33623 · GitHub Advisory Database · GitHub
    NVD - CVE-2021-33623
    trim-newlines - npm
    Release v4.0.1 · sindresorhus/trim-newlines · GitHub
    GitHub - sindresorhus/trim-newlines: Trim newlines from the start and/or end of a string
    GitHub - sindresorhus/trim-newlines: Trim newlines from the start and/or end of a string
    CVE-2021-33623 Node.js Vulnerability in NetApp Products | NetApp Product Security
    Fix ReDoS vulnerability for the .end() method · sindresorhus/trim-newlines@25246c6 · GitHub

 

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more about the CVE