Regular Expression Denial of Service - nwmatcher

Description

A Regular Expression vulnerability was found in nwmatcher before 1.4.4. The fix replacing multiple repeated instances of the “\s*” pattern.

Recommendation

Update the nwmatcher package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.4.4
• Patched version(s): 1.4.4

References

• GHSA-6394-6h9h-cfjg
• CWE-400

Related Issues

• Regular Expression Denial of Service in markdown - Vulnerability
• tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability - CVE-2026-22809
• prismjs Regular Expression Denial of Service vulnerability - CVE-2021-3801
• useragent Regular Expression Denial of Service vulnerability - CVE-2020-26311

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

nwmatcher