Regular Expression Denial of Service - esm

Description

A Regular Expression Denial of Service vulnerability was discovered in esm before 3.1.0. The issue is that esm’s find-indexes is using the unescaped identifiers in a regex, which, in this case, causes an infinite loop.

Recommendation

Update the esm package to the latest compatible version. Followings are version details:

• Affected version(s): < 3.1.0
• Patched version(s): 3.1.0

References

• GHSA-qx4v-6gc5-f2vv
• CWE-400

Related Issues

• Regular Expression Denial of Service in markdown - Vulnerability
• tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability - CVE-2026-22809
• prismjs Regular Expression Denial of Service vulnerability - CVE-2021-3801
• useragent Regular Expression Denial of Service vulnerability - CVE-2020-26311

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

esm