CVE-2023-30858: 
NixOS vulnerability analysis and mitigation

The Denosaurs emoji package, which provides emojis for dinosaurs, contained a vulnerability (CVE-2023-30858) discovered in versions 0.1.0 through 0.3.0. The vulnerability was related to the reTrimSpace regex implementation that exhibited 2nd degree polynomial inefficiency. The issue was disclosed on April 28, 2023, and was patched in version 0.3.0 (GitHub Advisory).

The vulnerability stems from an inefficient regular expression implementation in the reTrimSpace function, which could lead to delayed responses when processing large payloads. The issue received a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The vulnerability is classified as CWE-1333 (Inefficient Regular Expression Complexity) (GitHub Advisory).

When exploited, this vulnerability could cause delayed responses in applications using the affected versions of the emoji package when processing large payloads. The impact is primarily focused on availability, with no direct effect on confidentiality or integrity of the system (GitHub Advisory).

The vulnerability has been patched in version 0.3.0 of the emoji package. Users are recommended to upgrade to this version, which is fully compatible with previous versions. As a temporary workaround, users can avoid using the replace, unemojify, or strip functions (GitHub Advisory).