Published: 14/10/2019 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The csv-parse module prior to 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.

Vulnerable Product	Search on Vulmon	Subscribe to Product
csv-parse project csv-parse
fedoraproject fedora 31

Convert a performatted CSV file to multiple valid localization files

Archive project with security advisory in dependencies This project has not been used for a long time and is not currently maintaned There are 2 security issues in dependecies: csv-parse CVE-2019-17592 lodash CVE-2019-1010266 CVE-2019-10744 CVE-2018-16487 CsvToL10nJson Convert a performatted CSV file to multiple valid localization files This module converts a single CSV file

CWE-400 https://www.npmjs.com/advisories/1171 https://github.com/adaltas/node-csv-parse/commit/b9d35940c6815cdf1dfd6b21857a1f6d0fd51e4a https://security.netapp.com/advisory/ntap-20191127-0002/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/https://nvd.nist.gov https://github.com/endorama/CsvToL10nJson

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-17592

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect