ByteOS Network

NVD Vulnerability Details :

CVE-2023-43646

Analyzed

Source-security-advisories@github.com

Published At-27 Sep, 2023 | 15:19

Updated At-02 Oct, 2023 | 16:26

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (redos) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: '\t'.repeat(54773) + '\t/function/i'. This issue has been addressed in commit `f934b228b` which has been included in releases from 2.0.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary	3.1	8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CPE Matches

chaijs>>get-func-name>>Versions before 2.0.1(exclusive)

cpe:2.3:a:chaijs:get-func-name:*:*:*:*:*:node.js:*:*

Weaknesses

CWE ID	Type	Source
CWE-1333	Primary	security-advisories@github.com
CWE-400	Primary	security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69	security-advisories@github.com	Patch
https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5	security-advisories@github.com	Exploit Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History