Description

parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to ~50ms per one operation, with a varying size from 0.01 MB and up to 4.3 MB respectively, and an out of memory that would crash a running Node.js application due to a string size of roughly 10 MB that utilizes unicode characters. Version 2.1.3 contains a patch.

INFO

Published Date :

2025-02-12T18:21:48.693Z

Last Modified :

2025-02-12T19:25:45.402Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-25283 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-25283.

URL Resource
https://github.com/jkroso/parse-duration/commit/9e88421bfd41806fa4b473bfb28a9ee9dafc27d7 cve-icon cve-icon
https://github.com/jkroso/parse-duration/releases/tag/v2.1.3 cve-icon cve-icon
https://github.com/jkroso/parse-duration/security/advisories/GHSA-hcrg-fc28-fcg5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact