Advisories for Npm/Slug package

2018

Uncontrolled Resource Consumption

slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About k characters can block the event loop for 2 seconds.

2017

Regular Expression Denial of Service

slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About k characters can block the event loop for 2 seconds.