Description
A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
Recommendation
Update the diff package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.5.0
- Patched version(s): 3.5.0
References
Related Issues
- tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability - CVE-2026-22809
- Regular Expression Denial of Service in millisecond - Vulnerability
- Regular Expression Denial of Service (ReDoS) in lodash - lodash.trim - CVE-2020-28500
- CommonRegexJS Regular Expression Denial of Service vulnerability - CVE-2020-26305
You might also like:
- Tags:
- npm
- diff
Anything's wrong? Let us know Last updated on February 12, 2025


