Severity: HIGH (7.5)

GHSA-86vw-mfpg-wwv9

jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion

Details

### Impact

In JSONata versions before 2.2.0 (`<v2.2.0`), an input string that does not match the ISO-8601 validation regex used by the [$toMillis](https://docs.jsonata.org/date-time-functions#tomillis) function can be crafted so that the regex backtracks superlinearly in the length of the input. Because the trigger is the string passed to `$toMillis` rather than the expression itself, the exposure is greatest in applications that evaluate user-provided JSONata expressions, but a trusted expression that applies `$toMillis` to attacker-controlled data reaches the same regex. The effect is CPU exhaustion and denial of service.

### Patches

This issue has been addressed in JSONata version 2.2.0 and later via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update as soon as possible to prevent exploitation.

### References

https://github.com/jsonata-js/jsonata/releases/tag/v2.2.0

### Credit

Thank you to Doruk Tan Öztürk for disclosing this issue.


Affected packages

npm / jsonata
Introduced in: 0
Fixed in: 2.2.0
Fix: npm install jsonata@2.2.0
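The fix command above updates only the copy of jsonata that your own package.json declares; a nested copy pulled in by another dependency keeps its old version and is still affected. The script below is an added example, not part of the advisory or of the jsonata project: it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3) and reports every jsonata entry below 2.2.0, direct or nested, with the remediation that actually reaches it. The lockfile object is constructed inline for the demonstration; against a real project you would `JSON.parse` the contents of `package-lock.json` instead.

```javascript
// Added example (not from the advisory or the jsonata project): find every copy
// of jsonata below the fixed version in an npm lockfile, including nested copies
// that `npm install jsonata@2.2.0` at the top level does not touch.

const PACKAGE = 'jsonata';
const FIXED_VERSION = '2.2.0'; // "Fixed in: 2.2.0" per the advisory

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" (optional leading "v").
function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(version);
  if (!m) throw new Error(`not a semver version: ${version}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: m[4] || null };
}

// Compare two versions on the numeric core; a pre-release (e.g. 2.2.0-beta.1)
// sorts below the matching release, which is what a "< fixed" check needs.
// Ordering between two pre-releases of the same core is not needed here.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa.core[i] !== pb.core[i]) return pa.core[i] - pb.core[i];
  }
  if (pa.prerelease && !pb.prerelease) return -1;
  if (!pa.prerelease && pb.prerelease) return 1;
  return 0;
}

function isAffected(version) {
  return compareSemver(version, FIXED_VERSION) < 0;
}

// Lockfile "packages" keys are install paths: "node_modules/jsonata" is the
// direct copy; "node_modules/<dep>/node_modules/jsonata" is a nested copy owned
// by <dep>. The package name is the last "node_modules/" segment unless the
// entry carries an explicit "name" (aliased installs do).
function findAffectedInstalls(lockfile) {
  const hits = [];
  for (const [installPath, entry] of Object.entries(lockfile.packages || {})) {
    if (installPath === '' || !entry.version) continue; // root project or link entry
    const name = entry.name || installPath.split('node_modules/').pop();
    if (name !== PACKAGE) continue;
    if (isAffected(entry.version)) {
      hits.push({
        path: installPath,
        version: entry.version,
        direct: installPath === `node_modules/${PACKAGE}`,
      });
    }
  }
  return hits;
}

// Constructed lockfile for the demonstration (lockfileVersion 3 shape): one
// direct copy of jsonata and one nested copy owned by a hypothetical "report-gen".
const SAMPLE_LOCKFILE = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0',
          dependencies: { jsonata: '^2.1.0', 'report-gen': '^3.0.0' } },
    'node_modules/jsonata': { version: '2.1.0' },
    'node_modules/report-gen': { version: '3.0.0', dependencies: { jsonata: '^1.8.0' } },
    'node_modules/report-gen/node_modules/jsonata': { version: '1.8.7' },
  },
};

// One line per affected copy, with the remediation that actually reaches it.
function remediationReport(lockfile) {
  return findAffectedInstalls(lockfile).map((hit) =>
    hit.direct
      ? `${hit.path}@${hit.version}: run \`npm install ${PACKAGE}@${FIXED_VERSION}\``
      : `${hit.path}@${hit.version}: nested copy; bump the parent dependency or add an npm "overrides" entry for ${PACKAGE}`);
}

for (const line of remediationReport(SAMPLE_LOCKFILE)) console.log(line);
```

Run it with `node` against the inline sample; it reports both the direct 2.1.0 copy and the nested 1.8.7 copy, the latter being the one a top-level `npm install jsonata@2.2.0` would miss. Re-run after remediation and confirm the list is empty before closing the finding.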
