CVE-2023-30858 MEDIUM

CVE-2023-30858: Denosaurs emoji has ReDoS vulnerability in `replace` function

Vendor: Denosaurs
Product: emoji
Weakness: CWE-1333
Published: April 28, 2023
Last update: January 30, 2025

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the `reTrimSpace` regex has second-degree polynomial (quadratic) inefficiency, so a large payload causes a delayed response. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.

Key dates

02 Disclosure timeline

April 28, 2023: CVE published
January 30, 2025: Record updated