Giters

dbashford / textract

node.js module for extracting text from html, pdf, doc, docx, xls, xlsx, csv, pptx, png, jpg, gif, rtf and more!

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2021-3803

prafullkulkarni opened this issue · comments

commented

Hi @dbashford

A vulnerability has been reported on - cheerio-1.0.0-rc.2.tgz -> css-select-1.2.0.tgz -> nth-check-1.0.2.tgz

nth-check is vulnerable to Inefficient Regular Expression Complexity

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-3803

commented

Hey @prafullkulkarni,

We're part of a startup called Seal Security that mitigates software vulnerabilities in older open source versions by backporting/creating standalone security patches - enabling more straightforward remediation in cases like this. We created an nth-check 1.02-sp1 that's vulnerability-free. As with all of our patches, it's open-source and available for free.

If relevant, check out our GitHub repo if you wish to learn more, or start using our app.

Please feel free to reach us at info@seal.security if you have any requests/questions.