GHSA-86vw-mfpg-wwv9HighCVSS 7.5
jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion
🔗 CVE IDs covered (1)
📋 Description
Impact
In JSONata <v2.2.0, it is possible to craft non-matching inputs to the $toMillis function that cause superlinear backtracking in the ISO-8601 validation regex. This may lead to denial of service in applications that evaluate user-provided JSONata expressions.
Patches
This issue has been addressed in JSONata version >= 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation.
References
https://github.com/jsonata-js/jsonata/releases/tag/v2.2.0
Credit
Thank you to Doruk Tan Öztürk for disclosing this issue.
🎯 Affected products1
- npm/jsonata:< 2.2.0
🔗 References (7)
- https://github.com/jsonata-js/jsonata/security/advisories/GHSA-86vw-mfpg-wwv9
- https://github.com/jsonata-js/jsonata/pull/782
- https://github.com/jsonata-js/jsonata/pull/793
- https://github.com/jsonata-js/jsonata/commit/80ba95d170f74e3f20f4f36b8b77d8c85cea7686
- https://github.com/jsonata-js/jsonata/commit/d6ffc17cb16a8e53c222205bd274624e919cce0b
- https://github.com/jsonata-js/jsonata/releases/tag/v2.2.0
- https://github.com/advisories/GHSA-86vw-mfpg-wwv9