CVE-2021-33623: 
JavaScript vulnerability analysis and mitigation

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js contains a vulnerability related to regular expression denial-of-service (ReDoS) in the .end() method. The vulnerability was discovered and disclosed on May 28, 2021, affecting the popular JavaScript module used to strip newlines from the start and/or end of a string (CVE Mitre).

The vulnerability is classified as a Regular Expression Denial of Service (ReDoS) attack that exploits the way regular expression implementations can reach extreme situations causing them to work very slowly in a way that is exponentially related to the input size. The vulnerability has been assigned a CVSS score of 7.5 (HIGH) with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NetApp Advisory).

When successfully exploited, this vulnerability could lead to a Denial of Service (DoS) condition. An attacker can cause a program using node-trim-newlines to enter extreme situations where the regex processing hangs for a very long time, effectively making the service unavailable (Debian Advisory).

The vulnerability has been fixed in trim-newlines versions 3.0.1 and 4.0.1. Users are recommended to upgrade to these or later versions to address the security issue. The fix was implemented through commits that address the ReDoS vulnerability in the .end() method (GitHub Release).