Description
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Recommendation
Update the browserslist package to the latest compatible version. Followings are version details:
- Affected version(s): >= 4.0.0, < 4.16.5
- Patched version(s): 4.16.5
References
Related Issues
- prismjs Regular Expression Denial of Service vulnerability - CVE-2021-3801
- Regular Expression Denial of Service (ReDoS) (GHSA-vx3p-948g-6vhq) - CVE-2021-27290
- html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS) - CVE-2021-23346
- Regular expression denial of service in jquery-validation (GHSA-j9m2-h2pv-wvph) - CVE-2021-43306
- Tags:
- npm
- browserslist
Anything's wrong? Let us know Last updated on August 17, 2023