CVE-2022-22138: Uncontrolled Resource Consumption in fast-string-search
(updated )
All versions of package fast-string-search is vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation.
References
Detect and mitigate CVE-2022-22138 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →