{"uuid": "de1f0e5d-2e7e-4f8f-af16-0c55f0208c08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-28092", "type": "seen", "source": "https://t.me/cibsecurity/24880", "content": "\u203c CVE-2021-28092 \u203c\n\nThe is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-13T00:55:54.000000Z"}