get-func-name@1.0.0 vulnerabilities

Utility for getting a function's name for node and the browser

Direct Vulnerabilities

Known vulnerabilities in the get-func-name package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Regular Expression Denial of Service (ReDoS)

get-func-name is an Utility for getting a function's name for node and the browser

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the regex implementation for parsing values in the module. An attacker can exploit the excessive backtracking in the regex implementation.

Note: This is only exploitable if there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade get-func-name to version 2.0.1 or higher.

<2.0.1