Regular Expression Denial of Service (ReDoS)

Severity:: High

Description

A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Recommendation

Update the diff package to the latest compatible version. Followings are version details:

Affected version(s): < 3.5.0
Patched version(s): 3.5.0

References

GHSA-h6ch-v84p-w6p9
bugzilla.redhat.com
snyk.io
www.npmjs.com
www.whitesourcesoftware.com
CWE-400

Related Issues

tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability - CVE-2026-22809
Marked allows Regular Expression Denial of Service (ReDoS) attacks - CVE-2018-25110
jsPDF Bypass Regular Expression Denial of Service (ReDoS) - CVE-2025-29907
Foundation Regular Expression Denial of Service vulnerability - CVE-2020-26304

Tags:: npm; diff

Anything's wrong? Let us know Last updated on February 12, 2025