tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability

Severity:: Medium

Description

A potential Regular Expression Denial of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the issuu_id parameter.

Recommendation

Update the tarteaucitronjs package to the latest compatible version. Followings are version details:

Affected version(s): < 1.29.0
Patched version(s): 1.29.0

References

GHSA-q5f6-qxm2-mcqm
CVE-2026-22809
CWE-1333
CAPEC-310
OWASP 2021-A6

Related Issues

Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery - CVE-2026-30925
markdown-it is has a Regular Expression Denial of Service (ReDoS) - CVE-2026-2327
jspdf vulnerable to Regular Expression Denial of Service (ReDoS) - CVE-2021-23353
Knwl.js Regular Expression Denial of Service vulnerability - CVE-2020-26306

Tags:: npm; tarteaucitronjs

Anything's wrong? Let us know Last updated on January 14, 2026