Regular Expression Denial of Service (ReDoS)

Severity:: High

Description

A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Recommendation

Update the diff package to the latest compatible version. Followings are version details:

Affected version(s): < 3.5.0
Patched version(s): 3.5.0

References

GHSA-h6ch-v84p-w6p9
bugzilla.redhat.com
snyk.io
www.npmjs.com
www.whitesourcesoftware.com
CWE-400

Related Issues

ReDoS Vulnerability in ua-parser-js version - CVE-2022-25927
node-cube vulnerable to prototype pollution - CVE-2025-57348
DOMPurify allows Cross-site Scripting (XSS) - CVE-2025-26791
lite-server vulnerable to Denial of Service - CVE-2022-25940

Tags:: npm; diff

Anything's wrong? Let us know Last updated on February 12, 2025