NodeJS/decamelize/1.1.0
Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow
https://www.npmjs.com/package/decamelize
MIT
2 Security Vulnerabilities
Regular Expression Denial of Service in decamelize
Published date: 2018-07-24T20:00:17Z
CVE: CVE-2017-16023
Links:
Affected versions of decamelize
are susceptible to a denial of service vulnerability when user input is passed directly into decamelize
.
Recommendation
Update to version 1.1.2 or later.
Affected versions:
["1.1.0", "1.1.1"]
Secure versions:
[1.0.0, 1.1.2, 1.2.0, 2.0.0, 3.0.0, 3.1.0, 3.1.1, 3.2.0, 4.0.0, 5.0.0, 5.0.1, 6.0.0]
Recommendation:
Update to version 6.0.0.
Regular Expression Denial of Service
Published date: 2017-04-14
Coordinating vendor: ^Lift Security
Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase.
Decamelize uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.
Affected versions:
["1.1.0", "1.1.1"]
Secure versions:
[1.0.0, 1.1.2, 1.2.0, 2.0.0, 3.0.0, 3.1.0, 3.1.1, 3.2.0, 4.0.0, 5.0.0, 5.0.1, 6.0.0]
Recommendation:
Upgrade to version 1.1.2 or later.
14 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
6.0.0 | MIT | 2021-10-01 - 02:34 | over 2 years | |
5.0.1 | MIT | 2021-09-29 - 10:26 | over 2 years | |
5.0.0 | MIT | 2021-01-11 - 07:35 | over 3 years | |
4.0.0 | MIT | 2020-01-26 - 03:03 | about 4 years | |
3.2.0 | MIT | 2019-04-05 - 21:30 | about 5 years | |
3.1.1 | MIT | 2019-03-22 - 10:46 | about 5 years | |
3.1.0 | MIT | 2019-03-21 - 15:48 | about 5 years | |
3.0.0 | MIT | 2019-03-06 - 16:08 | about 5 years | |
2.0.0 | MIT | 2018-01-08 - 19:09 | over 6 years | |
1.2.0 | MIT | 2016-03-05 - 08:49 | about 8 years | |
1.1.2 | MIT | 2015-12-23 - 01:05 | over 8 years | |
1.1.1 | MIT | 2 | 2015-10-29 - 16:21 | over 8 years |
1.1.0 | MIT | 2 | 2015-10-25 - 19:24 | over 8 years |
1.0.0 | MIT | 2015-01-24 - 11:12 | about 9 years |