Vulnerability Details:
Vulnerability IDs: CVE-2022-25927 (NVD)
Highest Severity: HIGH
CVE Count: 1
Confidence: HIGHEST
Evidence Count: 3
Identifiers: pkg:javascript/[email protected]
CVSS Scores and Vectors:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWEs: CWE-1333
Vulnerability Description: The vulnerability arises from the ua-parser package, which is used in the Yoast SEO package JS. This issue is indirectly caused by the archived and no longer maintained draft-js dependency. Specifically, versions of the package from 0.7.30 and before 0.7.33, and from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
Request for Action:
Given that draft-js is archived and no longer maintained, is there a plan to replace this dependency with a more secure and actively maintained alternative?
Can the draft-js dependency be replaced to mitigate this vulnerability?
Is anything in development or in the pipeline to address this issue? If so, do you have an estimated timeline for when a fix or patch will be available?
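The practical first step on a report like this is to find out which copies of ua-parser-js a lockfile actually resolves and whether each falls inside the affected ranges quoted above (0.7.30 up to but excluding 0.7.33, and 0.8.1 up to but excluding 1.0.33). The following script is an added example, not code from the issue, from Yoast SEO or from ua-parser-js; it parses a package-lock.json object (lockfileVersion 1, 2 or 3), collects every ua-parser-js entry including nested transitive copies, and flags the ones inside the advisory ranges. The sample lockfile, its package names other than ua-parser-js and their versions are constructed placeholders.

```javascript
// Added example, not code from the issue, Yoast SEO or ua-parser-js.
// Audits a parsed npm lockfile for ua-parser-js versions inside the ranges the
// issue quotes for CVE-2022-25927: >=0.7.30 <0.7.33 and >=0.8.1 <1.0.33.

// Each range is [min, max): min inclusive, max exclusive, as [major, minor, patch].
const AFFECTED_RANGES = [
  { min: [0, 7, 30], max: [0, 7, 33] },
  { min: [0, 8, 1], max: [1, 0, 33] },
];

// Parse "1.0.33", "v1.0.33" or "1.0.33-beta.1" into [major, minor, patch].
// Pre-release suffixes are ignored for this range check (simplifying assumption).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Lexicographic compare of two [major, minor, patch] triples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version falls inside any affected range.
function isAffected(version) {
  const v = parseVersion(version);
  return AFFECTED_RANGES.some(
    (r) => compareVersions(v, r.min) >= 0 && compareVersions(v, r.max) < 0,
  );
}

// Collect every entry for `name` from a parsed package-lock.json, including
// nested copies that a transitive dependency keeps under its own node_modules.
// lockfileVersion 2/3 expose a flat "packages" map; lockfileVersion 1 nests
// "dependencies" trees, which are walked recursively.
function findUaParserEntries(lock, name = 'ua-parser-js') {
  const found = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith(`node_modules/${name}`) && meta && meta.version) {
        found.push({ path, version: meta.version });
      }
    }
  } else if (lock.dependencies) {
    const walkV1 = (deps, prefix) => {
      for (const [depName, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${depName}`;
        if (depName === name && meta.version) found.push({ path, version: meta.version });
        if (meta.dependencies) walkV1(meta.dependencies, `${path}/`);
      }
    };
    walkV1(lock.dependencies, '');
  }
  return found;
}

// One finding per located copy, flagged against the advisory ranges.
function auditLock(lock) {
  return findUaParserEntries(lock).map((e) => ({ ...e, affected: isAffected(e.version) }));
}

// Constructed sample lockfile (lockfileVersion 3). "some-dependency" and the
// version numbers for anything other than ua-parser-js are placeholders; the
// nested copy stands in for the transitive path the issue describes.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/draft-js': { version: '0.0.0' },
    'node_modules/ua-parser-js': { version: '0.7.31' },
    'node_modules/some-dependency': { version: '2.0.0' },
    'node_modules/some-dependency/node_modules/ua-parser-js': { version: '1.0.35' },
  },
};

const SAMPLE_FINDINGS = auditLock(SAMPLE_LOCK);
for (const f of SAMPLE_FINDINGS) {
  console.log(`${f.affected ? 'AFFECTED' : 'ok      '} ${f.version.padEnd(8)} ${f.path}`);
}
```

On a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; the audit reports each resolved copy separately because npm can keep a patched top-level ua-parser-js while a dependency such as draft-js still pins an older one underneath it, and only the copy that the vulnerable code path loads matters for triage.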