Regular Expression Denial of Service (ReDoS)

Description

A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Recommendation

Update the diff package to the latest compatible version. Followings are version details:

• Affected version(s): < 3.5.0
• Patched version(s): 3.5.0

References

• GHSA-h6ch-v84p-w6p9
• bugzilla.redhat.com
• snyk.io
• www.npmjs.com
• www.whitesourcesoftware.com
• CWE-400

Related Issues

• tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability - CVE-2026-22809
• Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery - CVE-2026-30925
• jspdf vulnerable to Regular Expression Denial of Service (ReDoS) - CVE-2021-23353
• markdown-it is has a Regular Expression Denial of Service (ReDoS) - CVE-2026-2327

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

diff