Description
OWASP:
The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size).
Recommendation
Update the @highlightjs/cdn-assets package to the latest compatible version. Version details:
- Affected version(s): < 10.4.1
- Patched version(s): 10.4.1
References
Related Issues
- ReDOS vulnerabilities: multiple grammars (GHSA-7wwv-vh3v-89cq) - Vulnerability
- @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtrack - CVE-2025-25289
- d3-color vulnerable to ReDoS - Vulnerability
- @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Back - CVE-2025-25288
Tags
- npm
- @highlightjs/cdn-assets
Last updated on January 09, 2023