Description
OWASP:
The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size).
Recommendation
Update the highlight.js package to the latest compatible version. Version details follow:
- Affected version(s): >= 9.0.0, < 10.4.1
- Patched version(s): 10.4.1
Tags: npm, highlight.js
Last updated on January 09, 2023