{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T05:09:09.375","vulnerabilities":[{"cve":{"id":"CVE-2021-43838","sourceIdentifier":"security-advisories@github.com","published":"2021-12-17T19:15:07.683","lastModified":"2024-11-21T06:29:54.097","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `
` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible."},{"lang":"es","value":"jsx-slack es una biblioteca para construir objetos JSON para las superficies del Slack Block Kit desde JSX. En versiones anteriores a la 4.5.1, los usuarios son vulnerables a un ataque de denegación de servicio por expresión regular (ReDoS). Si el atacante puede poner muchos elementos JSX en la etiqueta \"
\", una expresión regular interna para escapar caracteres puede consumir una cantidad excesiva de recursos informáticos. jsx-slack versión v4.5.1 ha parcheado a una expresión regular para escapar caracteres de blockquote. Se recomienda a usuarios que se actualicen lo antes posible
"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jsx-slack_project:jsx-slack:*:*:*:*:*:node.js:*:*","versionEndExcluding":"4.5.2","matchCriteriaId":"7E7A11E3-74FF-4031-892F-552C8FB985A1"}]}]}],"references":[{"url":"https://github.com/yhatt/jsx-slack/commit/36e4a10405e4c7745333e245fcc5029c02c7065d","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/yhatt/jsx-slack/security/advisories/GHSA-55xv-f85c-248q","source":"security-advisories@github.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/yhatt/jsx-slack/commit/36e4a10405e4c7745333e245fcc5029c02c7065d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/yhatt/jsx-slack/security/advisories/GHSA-55xv-f85c-248q","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}}]}