es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
- Severity:
- Low
Description
Passing functions with very long names or complex default argument names into function#copy orfunction#toStringTokens may put script to stall
Recommendation
Update the es5-ext package to the latest compatible version. Followings are version details:
- Affected version(s): >= 0.10.0, < 0.10.63
- Patched version(s): 0.10.63
References
Related Issues
- angular vulnerable to regular expression denial of service via the angular.copy() utility - CVE-2023-26116
- html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS) (GHSA-545q-3fg6-48m7) - CVE-2021-23346
- parse-uri Regular expression Denial of Service (ReDoS) - CVE-2024-36751
- jspdf vulnerable to Regular Expression Denial of Service (ReDoS) - CVE-2021-23353
- Tags:
- npm
- es5-ext
Anything's wrong? Let us know Last updated on February 26, 2024