Vulnerabilities/

Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

Severity:: Medium

Description

When using Babel to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to .replace).

Recommendation

Update the @babel/runtime-corejs3 package to the latest compatible version. Followings are version details:

Affected version(s): **>= 8.0.0-alpha.0, < 8.0.0-alpha.16 < 7.26.10**
Patched version(s): **8.0.0-alpha.17 7.26.10**

References

GHSA-968p-4wvh-cqc8
CVE-2025-27789
CWE-1333
CAPEC-310
OWASP 2021-A6

Related Issues

Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups - @babel/helpers - CVE-2025-27789
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups - @babel/runtime - CVE-2025-27789
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups - @babel/runtime-corejs2 - CVE-2025-27789
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - CVE-2023-45133

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; @babel/runtime-corejs3

Anything's wrong? Let us know Last updated on April 16, 2025