This security bulletin contains one medium risk vulnerability.
The vulnerability allows a remote attacker to perform a regular expression denial of service (ReDoS) attack.
The vulnerability exists due to the use of a very complex regular expression in papaparse.js. A remote attacker can pass specially crafted input to the application and consume extensive system resources, resulting in a denial of service condition.
Install updates from vendor's website.
Vulnerable software versions
papaparse: 5.0.0 - 5.1.1
Fixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?