printf@0.0.4 vulnerabilities

Full implementation of the `printf` family in pure JS.

  • latest version

    0.6.1

  • latest non vulnerable version

  • first published

    13 years ago

  • latest version published

    3 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the printf package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Regular Expression Denial of Service (ReDoS)

    printf is a complete implementation of the printf C functions family for Node.JS, written in pure JavaScript.

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\#]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade printf to version 0.6.1 or higher.

    <0.6.1