Description
OWASP:
Regular expression Denial of Service (ReDoS) is a Denial of Service attack that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size).
Recommendation
Update the highlight.js package to the latest compatible version. Version details:
- Affected version(s): >= 9.0.0, < 10.4.1
- Patched version(s): 10.4.1
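One way to audit a dependency tree against the range above, as an added example that is not part of the advisory or of highlight.js itself: it compares plain `major.minor.patch` versions (pre-release suffixes are ignored, an assumption) and walks a package-lock v1 style `dependencies` map, which is constructed here as sample input.

```javascript
// Added example: flag highlight.js versions in the advisory's affected
// range (>= 9.0.0, < 10.4.1). Assumes numeric "major.minor.patch" versions.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Range taken from the advisory: affected >= 9.0.0 and < 10.4.1.
const AFFECTED_FROM = '9.0.0';
const PATCHED = '10.4.1';

function isAffected(version) {
  return compareVersions(version, AFFECTED_FROM) >= 0 &&
         compareVersions(version, PATCHED) < 0;
}

// Walk a package-lock v1 style "dependencies" map (transitive deps are
// nested under each entry's own "dependencies") and return the path to
// every highlight.js entry whose version is in the affected range.
function findAffected(tree, path = []) {
  const hits = [];
  for (const [name, info] of Object.entries(tree || {})) {
    const here = [...path, `${name}@${info.version}`];
    if (name === 'highlight.js' && isAffected(info.version)) {
      hits.push(here.join(' > '));
    }
    hits.push(...findAffected(info.dependencies, here));
  }
  return hits;
}

// Constructed sample lockfile: a patched direct dependency and an
// affected transitive one pulled in by a hypothetical widget package.
const SAMPLE_LOCK = {
  'highlight.js': { version: '10.4.1' },
  'some-markdown-widget': {
    version: '2.1.0',
    dependencies: { 'highlight.js': { version: '9.18.5' } },
  },
};

console.log(findAffected(SAMPLE_LOCK)); // ["some-markdown-widget@2.1.0 > highlight.js@9.18.5"]
```

Transitive copies are the ones that typically survive a direct `npm update`, so the path output tells you which parent package needs bumping or overriding.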
References
Related Issues
- ReDoS vulnerabilities: multiple grammars - Vulnerability
- Regular Expression Denial of Service in marked (GHSA-ch52-vgq2-943f) - Vulnerability
- Cross-Site Scripting in swagger-ui (GHSA-g336-c7wv-8hp3) - Vulnerability
- Vega has Cross-site Scripting vulnerability in `lassoAppend` function (GHSA-w5m3-xh75-mp55) - CVE-2023-26487
Tags:
- npm
- highlight.js
Last updated on January 09, 2023