Regular Expression Denial of Service in jadedown

Description

The jadedown package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 0.0.3

References

• GHSA-6354-6mhv-mvv5
• www.npmjs.com
• CVE-2016-10520
• CWE-400
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Regular Expression Denial of Service in moment (GHSA-87vv-r9j6-g5qv) - CVE-2016-4055
• angular vulnerable to regular expression denial of service via the <input type="url"> element - CVE-2023-26118
• angular vulnerable to regular expression denial of service (ReDoS) - CVE-2022-25844
• Regular Expression Denial of Service (ReDoS) in lodash - CVE-2020-28500

Tags:

npm

jadedown