Regular Expression Denial of Service (ReDoS) in jsx-slack

Description

jsx-slack v4.5.1 and earlier versions are vulnerable to a regular expression denial-of-service (ReDoS) attack.

Recommendation

Update the jsx-slack package to the latest compatible version. Followings are version details:

• Affected version(s): < 4.5.1
• Patched version(s): 4.5.1

References

• GHSA-55xv-f85c-248q
• CVE-2021-43838
• CWE-1333
• CWE-400
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Regular Expression Denial of Service (ReDoS) - ssri - CVE-2021-27290
• html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS) - html-parse-stringify - CVE-2021-23346
• jspdf vulnerable to Regular Expression Denial of Service (ReDoS) - CVE-2021-23353
• Regular Expression Denial of Service (ReDoS) in Prism - CVE-2021-32723

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

jsx-slack