cve/2017/CVE-2017-16116.md

### [CVE-2017-16116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16116)
![](https://img.shields.io/static/v1?label=Product&message=string%20node%20module&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20(CWE-400)&color=brighgreen)

### Description

The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/engn33r/awesome-redos-security
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2017-16116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16116)`
			`![](https://img.shields.io/static/v1?label=Product&message=string%20node%20module&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20(CWE-400)&color=brighgreen)`

			`### Description`

			`The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/engn33r/awesome-redos-security`