Vulnerabilities > CVE-2023-30858 - Unspecified vulnerability in Denosaurs Emoji

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

denosaurs

NVD

Published: 2023-04-28

Updated: 2024-11-21

Summary

The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.

Vulnerable Configurations

Part	Description	Count
Application	Denosaurs Denosaurs Emoji 0.1.0 Denosaurs Emoji 0.1.1 Denosaurs Emoji 0.1.2 Denosaurs Emoji 0.2.0 Denosaurs Emoji 0.2.1	5

References

https://github.com/denosaurs/emoji/pull/11
https://github.com/denosaurs/emoji/security/advisories/GHSA-w2xx-hjhp-gx5v
https://huntr.dev/bounties/444f2255-5085-466f-ba0e-5549fa8846a3/
https://github.com/denosaurs/emoji/pull/11
https://huntr.dev/bounties/444f2255-5085-466f-ba0e-5549fa8846a3/
https://github.com/denosaurs/emoji/security/advisories/GHSA-w2xx-hjhp-gx5v