CVE-2021-39157: 
JavaScript vulnerability analysis and mitigation

detect-character-encoding is an open source character encoding inspection library that was found to have a vulnerability (CVE-2021-39157) in versions 0.6.0 and earlier. The vulnerability was discovered and disclosed on August 24, 2021, affecting the library's core functionality when handling data that doesn't match any charset (GitHub Advisory).

The vulnerability is classified as an Improper Handling of Exceptional Conditions (CWE-755). When the library encounters data that doesn't match any charset, it fails to properly handle the null return value from the underlying ICU library's ucsdet_detect() function, leading to a segmentation fault. The vulnerability has a CVSS v3.1 base score of 7.5 (High) and a temporal score of 7.2, indicating significant severity (GitHub Advisory).

When exploited, this vulnerability causes the Node.js process to crash, resulting in a denial of service condition. The impact is particularly severe in network-facing applications that accept untrusted input and pass it directly to detect-character-encoding (GitHub Advisory).

The vulnerability has been patched in detect-character-encoding version 0.7.0. The fix involves properly handling the null return value from ucsdet_detect() by returning null instead of attempting to access properties of the null object. Users should upgrade to version 0.7.0 or later to resolve this issue (GitHub Advisory).