Home

Description

string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.

PUBLISHED Reserved 2025-04-22 | Published 2025-06-30 | Updated 2025-06-30 | Assigner mitre

References

www.npmjs.com/package/string-math,

github.com/devrafalko/string-math/blob/master/string-math.js

gist.github.com/6en6ar/361608bccedb808061359481fe2f1b39

cve.org (CVE-2025-45143)

nvd.nist.gov (CVE-2025-45143)

Download JSON