← Back

C2fo

c2fo

2 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Fast Csv
fast-csv
1 CVE
Comb
comb
1 CVE

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-23561
1C2fo
1Comb
Nov 21, 2024
Dec 10, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function.
CVE-2020-26256
1C2fo
1Fast Csv
Nov 21, 2024
Dec 8, 2020
N/A· v4
6.5 MEDIUM· v3
3.5 LOW· v2
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when u...Show more
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using ignoreEmpty option when parsing. This has been patched in `v4.3.6` You will only be affected by this if you use the `ignoreEmpty` parsing option. If you do use this option it is recommended that you upgrade to the latest version `v4.3.6` This vulnerability was found using a CodeQL query which identified `EMPTY_ROW_REGEXP` regular expression as vulnerable.Show less