This package has limited bug data (1 entry). Check back later or see the package health page for the full signal.
acorn known bugs
npm1 known bug in acorn, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
1
bugs
Known bugs
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| high | 5.5.0 | 5.7.4 | Regular Expression Denial of Service in Acorn Affected versions of acorn are vulnerable to Regular Expression Denial of Service.
A regex in the form of /[x-\ud800]/u causes the parser to enter an infinite loop.
The string is not valid UTF16 which usually results in it being sanitized before reaching the parser.
If an application processes untrusted input and passes it directly to acorn,
attackers may leverage the vulnerability leading to Denial of Service. | fixed | osv:GHSA-6chw-6frg-f759 |
API access
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/npm/acorn