
CVE-2023-43646

Published: 27/09/2023 Updated: 02/10/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

get-func-name is a module to retrieve a function's name securely and consistently both in Node.js and the browser. Versions before 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. The vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and significantly increases CPU load and processing time. It can be triggered using the following input: `'\t'.repeat(54773) + '\t/function/i'`. This issue has been addressed in commit `f934b228b`, which is included in releases from 2.0.1 onward. Users are advised to upgrade. There are no known workarounds for this vulnerability.
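One way to act on the upgrade advice above: an added example (not code from the advisory or from the get-func-name project) that walks a parsed package-lock.json and reports every installed copy older than 2.0.1, including transitive ones. The sample lockfiles and the names `demo-app` and `old-tool` are constructed for illustration.

```javascript
// Added example: find get-func-name copies older than the fixed 2.0.1 release
// in a parsed package-lock.json (lockfileVersion 1, 2 or 3).
const PKG = 'get-func-name';
const FIXED = [2, 0, 1]; // first fixed release, per the advisory

// True when `version` sorts before 2.0.1 (pre-releases of 2.0.1 included).
function isBeforeFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(version));
  if (!m) return true; // non-semver value (e.g. git URL): report for manual review
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return Boolean(m[4]); // 2.0.1-rc.1 sorts before 2.0.1
}

function findVulnerable(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    const name = path.split('node_modules/').pop();
    if (name === PKG && isBeforeFixed(info.version)) hits.push({ path, version: info.version });
  }
  if (lock.packages) return hits; // v2 also carries "dependencies"; avoid double reports
  // lockfileVersion 1: nested "dependencies" tree.
  (function walk(deps, prefix) {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PKG && isBeforeFixed(info.version)) hits.push({ path, version: info.version });
      walk(info.dependencies, `${path}/`);
    }
  })(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/get-func-name': { version: '2.0.0' },
  'node_modules/old-tool/node_modules/get-func-name': { version: '2.0.2' },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  chai: { version: '4.3.7', dependencies: { 'get-func-name': { version: '1.0.0' } } },
  'get-func-name': { version: '2.0.1' },
} };
console.log(findVulnerable(sampleV3), findVulnerable(sampleV1));
```

To check a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findVulnerable`.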

Vulnerable Product

chaijs get-func-name

Vendor Advisories

Debian Bug report logs - #1053262 node-get-func-name: CVE-2023-43646. Package: src:node-get-func-name; Maintainer for src:node-get-func-name is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 30 Sep 2023 09:21:02 UTC; Severit ...

Description: A vulnerability was found in the get-func-name package in the chai module. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability. ...

Github Repositories

UIA-Proxy: This is a login service that implements UIA (User Interactive Auth) for matrix servers. It allows high customization and easy development of new stages and password providers. The service is implemented in TypeScript and executed in Node.js runtime. Prerequisites: To compile, build, test and run the service from the source code, you will need the following tools: D

Myrror CLI: Myrror CLI is a command-line tool that uses the Myrror API to check the status of your projects. Installation: To install this project, you need to clone the repository and install all necessary dependencies: `git clone github.com/user/myrror-cli.git`, `cd myrror-cli`, `npm install`. Configuration: To configure the project, you nee