CNNVD-202506-3775 Information

CNNVD ID

CNNVD-202506-3775

Related CVE

CVE-2025-45143

• CNNVD Published: 2025-06-30

Description (Chinese)

string-math是波兰devrafalko个人开发者的一个根据算术公式计算结果的模块（函数）。 string-math 1.2.2版本存在安全漏洞，该漏洞源于正则表达式处理不当，可能导致正则表达式拒绝服务攻击。

Description (English)

String-math is a module (function) for the calculation of results based on an arithmetical formula by the Polish personal developer Devrafalko. There is a security loophole in version 1.2.2, which stems from the mishandling of regular expressions, which could lead to a regular expression of denial of service attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Live Support

Published

2025-06-30

Last Modified

2026-02-24

References

https://gist.github.com/6en6ar/361608bccedb808061359481fe2f1b39 https://github.com/devrafalko/string-math/blob/master/string-math.js https://www.npmjs.com/package/string-math%2C https://access.redhat.com/security/cve/cve-2025-45143