CVE-2021-40660: Regular expression denial of service in Delight Nashorn Sandbox

June 14, 2022 (updated August 8, 2023)

An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack.

References

github.com/advisories/GHSA-38j3-6fm8-pfgc
github.com/javadelight/delight-nashorn-sandbox/commit/9c8c3f3afca35e4dd176c959e1c2c5514c9d3131
github.com/javadelight/delight-nashorn-sandbox/issues/117
nvd.nist.gov/vuln/detail/CVE-2021-40660

Code Behaviors & Features

Detect and mitigate CVE-2021-40660 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →