Description
OWASP:
The Regular expression Denial of Service (ReDoS) is a Denial of Service attack that exploits the fact that most regular expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size).
In highlight.js the affected code is regular expressions inside several language grammars (see the related advisory "ReDOS vulnerabilities: multiple grammars" below). The practical consequence is that source text passed to the highlighter can be crafted to trigger catastrophic backtracking, stalling the calling thread; in a Node.js service that highlights untrusted input, that blocks the event loop for every other request.
Recommendation
Update the highlight.js package to the latest compatible version. Version details:
- Affected version(s): >= 9.0.0, < 10.4.1
- Patched version(s): 10.4.1
highlight.js is frequently pulled in transitively (for example by markdown renderers and by swagger-ui, which appears in the related issues below), so check the resolved version in the lockfile with `npm ls highlight.js` or `npm audit` rather than only the direct dependency list, and treat any highlighting of untrusted input as a reason to upgrade promptly.
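The following is an added example, not code from the advisory or from highlight.js. It shows the mechanism in the description with a constructed nested-quantifier pattern (`/^(a+)+$/`, chosen for illustration and unrelated to any highlight.js grammar) beside an equivalent linear pattern, timing both on the same non-matching input, and it implements a small version-range check for the advisory's affected range. `parseVersion`, `compareVersions`, `isAffected`, `redosInput` and `demonstrate` are hypothetical helper names written here, not npm's `semver` API.

```javascript
// Added example, not code from the advisory or from highlight.js.
// Part 1: a constructed regex with nested quantifiers that backtracks
// exponentially, next to an equivalent linear one.
// Part 2: a check of a package version against the advisory's range.

// Constructed pattern: "one or more groups of one or more a's". On an input
// that cannot match, the engine tries every way of splitting the run of a's
// between the inner and outer '+' (2^(n-1) splits for n a's), so the work
// roughly doubles with each extra character.
const VULNERABLE_RE = /^(a+)+$/;

// Same language (a non-empty run of a's), one quantifier, one way to match.
const SAFE_RE = /^a+$/;

// Attack input (constructed): n a's followed by a character that makes every
// split fail, so the engine has to exhaust all of them.
function redosInput(n) {
  return 'a'.repeat(n) + '!';
}

// Time a single regex test; returns the match result and elapsed milliseconds.
function timeMatch(re, input) {
  const start = performance.now();
  const matched = re.test(input);
  return { matched, ms: performance.now() - start };
}

// Run both patterns on the same attack input so the difference is visible.
function demonstrate(n) {
  const input = redosInput(n);
  return {
    n,
    vulnerable: timeMatch(VULNERABLE_RE, input),
    safe: timeMatch(SAFE_RE, input),
  };
}

// --- version check against the advisory's range -------------------------

// Parse "MAJOR.MINOR.PATCH" into three numbers. A leading "v" and any
// pre-release/build suffix are ignored (a simplification: "10.4.1-beta"
// compares equal to "10.4.1" here, unlike real semver).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Comparator: -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// Affected range from the advisory: >= 9.0.0 and < 10.4.1.
function isAffected(version) {
  return compareVersions(version, '9.0.0') >= 0 &&
         compareVersions(version, '10.4.1') < 0;
}

// Demo when run directly with Node: `node redos-demo.js`
const result = demonstrate(20);
console.log(`n=${result.n}: vulnerable ${result.vulnerable.ms.toFixed(1)} ms, ` +
            `safe ${result.safe.ms.toFixed(3)} ms (both matched=${result.vulnerable.matched})`);
for (const v of ['8.9.1', '9.0.0', '10.4.0', '10.4.1', '11.7.0']) {
  console.log(`highlight.js ${v}: ${isAffected(v) ? 'in affected range, upgrade' : 'not in affected range'}`);
}
```

Raising `n` in `demonstrate` by a few characters makes the vulnerable pattern visibly hang while the linear one stays at microseconds; that asymmetry, not any single absolute time, is the signature of a ReDoS-prone expression. The version helper is deliberately minimal so it runs without dependencies; in a real build pipeline use `npm audit` or the `semver` package instead.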
References
Related Issues
- ReDOS vulnerabilities: multiple grammars - Vulnerability
- Cross-Site Scripting in swagger-ui (GHSA-4f9m-pxwh-68hg) - Vulnerability
- Server side request forgery in SwaggerUI (GHSA-qrmm-w75w-3wpx) - Vulnerability
- Server side request forgery in SwaggerUI (GHSA-qrmm-w75w-3wpx) 2 - Vulnerability
Tags:
- npm
- highlight.js
Last updated on January 09, 2023