Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups (GHSA-968p-4wvh-cqc8)
- Severity: Medium
Description
When using Babel to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to .replace).
Recommendation
Update the @babel/runtime package to the latest compatible version. Version details:
- Affected version(s): **>= 8.0.0-alpha.0, < 8.0.0-alpha.16** and **< 7.26.10**
- Patched version(s): **8.0.0-alpha.17** and **7.26.10**
Related Issues
- Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups (GHSA-968p-4wvh-cqc8) - CVE-2025-27789
- Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups (GHSA-968p-4wvh-cqc8) - CVE-2025-27789
- Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups - CVE-2025-27789
- Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace] (GHSA-963h-3v39-3pqf) - CVE-2025-27793
- Tags: npm, @babel/runtime
Last updated on April 16, 2025