NodeJS/decamelize/1.1.1

Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow

https://www.npmjs.com/package/decamelize
MIT

2 Security Vulnerabilities

Regular Expression Denial of Service in decamelize

Published date: 2018-07-24T20:00:17Z
CVE: CVE-2017-16023
Links:

Affected versions of decamelize are susceptible to a denial of service vulnerability when user input is passed directly into decamelize.

Recommendation

Update to version 1.1.2 or later.

Affected versions: ["1.1.0", "1.1.1"]
Secure versions: [1.0.0, 1.1.2, 1.2.0, 2.0.0, 3.0.0, 3.1.0, 3.1.1, 3.2.0, 4.0.0, 5.0.0, 5.0.1, 6.0.0]
Recommendation: Update to version 6.0.0.

Regular Expression Denial of Service

Published date: 2017-04-14
Coordinating vendor: ^Lift Security
Links:

Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase.

Decamelize uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.

Affected versions: ["1.1.0", "1.1.1"]
Secure versions: [1.0.0, 1.1.2, 1.2.0, 2.0.0, 3.0.0, 3.1.0, 3.1.1, 3.2.0, 4.0.0, 5.0.0, 5.0.1, 6.0.0]
Recommendation: Upgrade to version 1.1.2 or later.

14 Other Versions

Version License Security Released
6.0.0 MIT 2021-10-01 - 02:34 over 2 years
5.0.1 MIT 2021-09-29 - 10:26 over 2 years
5.0.0 MIT 2021-01-11 - 07:35 over 3 years
4.0.0 MIT 2020-01-26 - 03:03 about 4 years
3.2.0 MIT 2019-04-05 - 21:30 about 5 years
3.1.1 MIT 2019-03-22 - 10:46 about 5 years
3.1.0 MIT 2019-03-21 - 15:48 about 5 years
3.0.0 MIT 2019-03-06 - 16:08 about 5 years
2.0.0 MIT 2018-01-08 - 19:09 over 6 years
1.2.0 MIT 2016-03-05 - 08:49 about 8 years
1.1.2 MIT 2015-12-23 - 01:05 over 8 years
1.1.1 MIT 2 2015-10-29 - 16:21 over 8 years
1.1.0 MIT 2 2015-10-25 - 19:24 over 8 years
1.0.0 MIT 2015-01-24 - 11:12 about 9 years