CVE-2019-17592: Improper Input Validation

October 14, 2019 (updated November 27, 2019)

csv-parse is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.

References

nvd.nist.gov/vuln/detail/CVE-2019-17592

Code Behaviors & Features

Detect and mitigate CVE-2019-17592 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →