Regular Expression Denial of Service in jadedown

Description

The jadedown package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 0.0.3

References

• GHSA-6354-6mhv-mvv5
• www.npmjs.com
• CVE-2016-10520
• CWE-400
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Regular Expression Denial of Service in moment - moment - CVE-2016-4055
• Regular Expression Denial of Service in slug - CVE-2017-16117
• uap-core Regular Expression Denial of Service issue - CVE-2018-20164
• Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths - CVE-2026-39320

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

jadedown