Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
- Severity: Medium
Description
When using Babel to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to .replace).
Recommendation
Update the @babel/runtime-corejs3 package to the latest compatible version. Version details:
Affected version(s): **>= 8.0.0-alpha.0, < 8.0.0-alpha.16**; **< 7.26.10**
Patched version(s): **8.0.0-alpha.17**; **7.26.10**
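To find every installed copy of @babel/runtime-corejs3 that falls in the affected ranges, including transitive ones, the check below walks a dependency tree in the shape printed by `npm ls --all --json`. It is an added example, not code from the advisory or from Babel; the function names and the sample tree are constructed for illustration.

```javascript
// Added example; helper names are hypothetical. Ranges are the ones this advisory lists.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { core: [m[1], m[2], m[3]].map(Number), pre: m[4] ? m[4].split(".") : [] };
}

// SemVer precedence: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] - y.core[i];
  }
  // A release outranks any prerelease of the same core version.
  if (!x.pre.length || !y.pre.length) return y.pre.length - x.pre.length;
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined || q === undefined) return p === undefined ? -1 : 1;
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn !== qn) return pn ? -1 : 1; // numeric identifiers sort first
    const d = pn ? Number(p) - Number(q) : (p < q ? -1 : p > q ? 1 : 0);
    if (d !== 0) return d; // "alpha.2" < "alpha.16" because 2 < 16
  }
  return 0;
}

// Affected: >= 8.0.0-alpha.0 and < 8.0.0-alpha.16, or < 7.26.10.
function isAffected(version) {
  return (compareVersions(version, "8.0.0-alpha.0") >= 0 &&
          compareVersions(version, "8.0.0-alpha.16") < 0) ||
         compareVersions(version, "7.26.10") < 0;
}

// Walk an `npm ls --json` style tree and collect affected copies with their path.
function findAffected(tree, name = "@babel/runtime-corejs3", path = [], out = []) {
  for (const [dep, info] of Object.entries(tree.dependencies || {})) {
    const here = [...path, dep];
    if (dep === name && info.version && isAffected(info.version)) {
      out.push({ path: here.join(" > "), version: info.version });
    }
    findAffected(info, name, here, out);
  }
  return out;
}

// Constructed sample tree (package names other than the affected one are made up).
const sampleTree = { dependencies: {
  "@babel/runtime-corejs3": { version: "7.26.10" },
  "legacy-widget": { version: "1.4.0", dependencies: {
    "@babel/runtime-corejs3": { version: "7.20.1" } } },
  "next-tool": { version: "0.3.0", dependencies: {
    "@babel/runtime-corejs3": { version: "8.0.0-alpha.12" } } } } };
```

Pass the parsed output of `npm ls --all --json` to `findAffected` in place of `sampleTree`; an empty result means no installed copy is in the listed ranges.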
References
Related Issues
- Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups (GHSA-968p-4wvh-cqc8) - CVE-2025-27789
- Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups (GHSA-968p-4wvh-cqc8) 3 - CVE-2025-27789
- Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups (GHSA-968p-4wvh-cqc8) 2 - CVE-2025-27789
- Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE) - CVE-2025-66398
- Tags: npm, @babel/runtime-corejs3
Last updated on April 16, 2025