CVE-2023-30858 Information

Description

The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0 the reTrimSpace regex has 2nd degree polynomial inefficiency leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround avoid using the replace unemojify or strip functions.

Reference

https://github.com/denosaurs/emoji/security/advisories/GHSA-w2xx-hjhp-gx5v https://huntr.dev/bounties/444f2255-5085-466f-ba0e-5549fa8846a3/ https://github.com/denosaurs/emoji/pull/11