The vulnerability stems from inefficient regular expressions in three functions in `lib/spintax.js`, and the commit patched these patterns to mitigate the ReDoS risk. The original regex in `exports.isSpintax` had nested greedy quantifiers, a classic ReDoS trigger. The regex in `exports.findSpintax`, while less critical, still posed parsing ambiguities. The regex in `exports.isValidUnspin` allowed backtracking via unescaped braces and alternations. The high-confidence assessments align with the explicit regex fixes in the commit and the CWE-1333 classification.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mel-spintax | npm | < 1.0.3 | 1.0.3 |
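
As a mitigation sketch for the nested-quantifier problem described above (an added example, not code from mel-spintax or its patch commit): a single-pass scanner that decides whether a string contains spintax without using a regex, so its running time is linear in the input length. The names `scanSpintax`, `isSpintaxLinear` and `MAX_INPUT`, and the spintax grammar the scanner accepts, are assumptions made for this example.

```javascript
// Added example: linear-time spintax check. Not mel-spintax's code.
// Assumed grammar: a spintax group is a balanced {...} that contains at
// least one '|' at its own nesting depth, e.g. "{Hello|Hi} world".
// A backslash escapes the following character.
const MAX_INPUT = 100000; // hypothetical length cap; tune per application

function scanSpintax(text) {
  // Reject non-strings and oversized input before doing any work.
  if (typeof text !== 'string' || text.length > MAX_INPUT) {
    return { balanced: false, groups: 0 };
  }
  const stack = []; // one flag per open brace: has it seen a '|' yet?
  let groups = 0;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (ch === '\\') { i++; continue; } // skip the escaped character
    if (ch === '{') {
      stack.push(false);
    } else if (ch === '|' && stack.length > 0) {
      stack[stack.length - 1] = true;
    } else if (ch === '}') {
      if (stack.length === 0) return { balanced: false, groups };
      if (stack.pop()) groups++; // closed a group that had alternatives
    }
  }
  return { balanced: stack.length === 0, groups };
}

// True only when every brace is matched and at least one group has a '|'.
function isSpintaxLinear(text) {
  const result = scanSpintax(text);
  return result.balanced && result.groups > 0;
}

// Constructed sample inputs.
for (const sample of ['{Hello|Hi} world', 'plain text', '{a|{b|c}} d', '{a|b']) {
  console.log(JSON.stringify(sample), isSpintaxLinear(sample));
}
```

Each character is visited once and the only state is the brace stack, so there is no backtracking to amplify on long or unbalanced input.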