CVE-2014-8881
All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function.
Recommendation
The bleach package is not currently maintained, and has not seen an update since 2014.
To mitigate this issue, it is necessary to use an alternative module that is actively maintained and provides similar functionality. There are multiple modules fitting this criteria available on npm..
| Software | From | Fixed in |
|---|---|---|
bleach
|
0.0.0 | - |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime