Description
We found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient to save from Regular Expression Denial of Service (ReDoS) attack.
This vulnerability affects to jsx-slack v4.5.1 and earlier versions.
Recommendation
Update the jsx-slack package to the latest compatible version. Followings are version details:
- Affected version(s): < 4.5.2
- Patched version(s): 4.5.2
References
Related Issues
- Regular Expression Denial of Service (ReDoS) in jsx-slack - CVE-2021-43838
- ReDoS in Sec-Websocket-Protocol header - CVE-2021-32640
- Apostrophe CMS Insufficient Session Expiration vulnerability - CVE-2021-25979
- Regular Expression Denial of Service (ReDoS) in Prism - CVE-2021-32723
- Tags:
- npm
- jsx-slack
Anything's wrong? Let us know Last updated on January 30, 2023