CVE-2020-7753

All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
References
Link Resource
https://github.com/component/trim/blob/master/index.js%23L6 Broken Link Third Party Advisory
https://lists.apache.org/thread.html/r10faad1ef9166d37a1a5c9142b1af7099b8ecdc5ad05c51b8ea993d9%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/r51ff3c2a4c7b8402f321eae7e624672cc2295c7bc8c12c8b871f6b0b%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/r75b8d0b88833d7d96afcdce3ead65e212572ead4e7a9f34d21040196%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/rb8462df3b6484e778905c09cd49a8912e1a302659860017ebe36da03%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/rcc7c2865a52b544a8e49386c6880e9b9ab29bfce1052b5569d09ee4a%40%3Ccommits.airflow.apache.org%3E
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1022132 Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-TRIM-1017038 Exploit Third Party Advisory
https://github.com/component/trim/blob/master/index.js%23L6 Broken Link Third Party Advisory
https://lists.apache.org/thread.html/r10faad1ef9166d37a1a5c9142b1af7099b8ecdc5ad05c51b8ea993d9%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/r51ff3c2a4c7b8402f321eae7e624672cc2295c7bc8c12c8b871f6b0b%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/r75b8d0b88833d7d96afcdce3ead65e212572ead4e7a9f34d21040196%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/rb8462df3b6484e778905c09cd49a8912e1a302659860017ebe36da03%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/rcc7c2865a52b544a8e49386c6880e9b9ab29bfce1052b5569d09ee4a%40%3Ccommits.airflow.apache.org%3E
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1022132 Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-TRIM-1017038 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:trim_project:trim:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:37

Type Values Removed Values Added
References () https://github.com/component/trim/blob/master/index.js%23L6 - Broken Link, Third Party Advisory () https://github.com/component/trim/blob/master/index.js%23L6 - Broken Link, Third Party Advisory
References () https://lists.apache.org/thread.html/r10faad1ef9166d37a1a5c9142b1af7099b8ecdc5ad05c51b8ea993d9%40%3Ccommits.airflow.apache.org%3E - () https://lists.apache.org/thread.html/r10faad1ef9166d37a1a5c9142b1af7099b8ecdc5ad05c51b8ea993d9%40%3Ccommits.airflow.apache.org%3E -
References () https://lists.apache.org/thread.html/r51ff3c2a4c7b8402f321eae7e624672cc2295c7bc8c12c8b871f6b0b%40%3Ccommits.airflow.apache.org%3E - () https://lists.apache.org/thread.html/r51ff3c2a4c7b8402f321eae7e624672cc2295c7bc8c12c8b871f6b0b%40%3Ccommits.airflow.apache.org%3E -
References () https://lists.apache.org/thread.html/r75b8d0b88833d7d96afcdce3ead65e212572ead4e7a9f34d21040196%40%3Ccommits.airflow.apache.org%3E - () https://lists.apache.org/thread.html/r75b8d0b88833d7d96afcdce3ead65e212572ead4e7a9f34d21040196%40%3Ccommits.airflow.apache.org%3E -
References () https://lists.apache.org/thread.html/rb8462df3b6484e778905c09cd49a8912e1a302659860017ebe36da03%40%3Ccommits.airflow.apache.org%3E - () https://lists.apache.org/thread.html/rb8462df3b6484e778905c09cd49a8912e1a302659860017ebe36da03%40%3Ccommits.airflow.apache.org%3E -
References () https://lists.apache.org/thread.html/rcc7c2865a52b544a8e49386c6880e9b9ab29bfce1052b5569d09ee4a%40%3Ccommits.airflow.apache.org%3E - () https://lists.apache.org/thread.html/rcc7c2865a52b544a8e49386c6880e9b9ab29bfce1052b5569d09ee4a%40%3Ccommits.airflow.apache.org%3E -
References () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1022132 - Exploit, Third Party Advisory () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1022132 - Exploit, Third Party Advisory
References () https://snyk.io/vuln/SNYK-JS-TRIM-1017038 - Exploit, Third Party Advisory () https://snyk.io/vuln/SNYK-JS-TRIM-1017038 - Exploit, Third Party Advisory

07 Nov 2023, 03:26

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/r10faad1ef9166d37a1a5c9142b1af7099b8ecdc5ad05c51b8ea993d9@%3Ccommits.airflow.apache.org%3E', 'name': '[airflow-commits] 20210511 [GitHub] [airflow] ryanahamilton commented on pull request #15782: Bump ``trim`` to fix ``CVE-2020-7753``', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rcc7c2865a52b544a8e49386c6880e9b9ab29bfce1052b5569d09ee4a@%3Ccommits.airflow.apache.org%3E', 'name': '[airflow-commits] 20210511 [GitHub] [airflow] ryanahamilton closed pull request #15782: Bump ``trim`` to fix ``CVE-2020-7753``', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r75b8d0b88833d7d96afcdce3ead65e212572ead4e7a9f34d21040196@%3Ccommits.airflow.apache.org%3E', 'name': '[airflow-commits] 20210511 [GitHub] [airflow] kaxil opened a new pull request #15782: Bump ``trim`` to fix ``CVE-2020-7753``', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r51ff3c2a4c7b8402f321eae7e624672cc2295c7bc8c12c8b871f6b0b@%3Ccommits.airflow.apache.org%3E', 'name': '[airflow-commits] 20210511 [GitHub] [airflow] kaxil closed pull request #15782: Bump ``trim`` to fix ``CVE-2020-7753``', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rb8462df3b6484e778905c09cd49a8912e1a302659860017ebe36da03@%3Ccommits.airflow.apache.org%3E', 'name': '[airflow-commits] 20210511 [GitHub] [airflow] github-actions[bot] commented on pull request #15782: Bump ``trim`` to fix ``CVE-2020-7753``', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/r51ff3c2a4c7b8402f321eae7e624672cc2295c7bc8c12c8b871f6b0b%40%3Ccommits.airflow.apache.org%3E -
  • () https://lists.apache.org/thread.html/r10faad1ef9166d37a1a5c9142b1af7099b8ecdc5ad05c51b8ea993d9%40%3Ccommits.airflow.apache.org%3E -
  • () https://lists.apache.org/thread.html/rb8462df3b6484e778905c09cd49a8912e1a302659860017ebe36da03%40%3Ccommits.airflow.apache.org%3E -
  • () https://lists.apache.org/thread.html/rcc7c2865a52b544a8e49386c6880e9b9ab29bfce1052b5569d09ee4a%40%3Ccommits.airflow.apache.org%3E -
  • () https://lists.apache.org/thread.html/r75b8d0b88833d7d96afcdce3ead65e212572ead4e7a9f34d21040196%40%3Ccommits.airflow.apache.org%3E -

Information

Published : 2020-10-27 09:15

Updated : 2024-11-21 05:37


NVD link : CVE-2020-7753

Mitre link : CVE-2020-7753

CVE.ORG link : CVE-2020-7753


JSON object : View

Products Affected

trim_project

  • trim
CWE
CWE-400

Uncontrolled Resource Consumption