Description
Versions of the terser package before 4.8.1, and from 5.0.0 up to but not including 5.14.2, are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Recommendation
Update the terser package to the latest compatible version. Version details follow:
Affected version(s): **>= 5.0.0, < 5.14.2** and **< 4.8.1**. Patched version(s): **5.14.2**, **4.8.1**
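One way to check a project against these ranges, as an added example that is not part of the original advisory or of terser itself. It assumes an npm lockfile with `lockfileVersion` 2 or 3 (the `packages` map); the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag terser versions in the ranges this advisory lists.
// Affected: < 4.8.1, and >= 5.0.0 < 5.14.2. Patched: 4.8.1 and 5.14.2.

// Parse "major.minor.patch" plus an optional pre-release tag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when the parsed version sorts before the fixed release [maj, min, patch].
function lessThan(a, fixed) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== fixed[i]) return a.nums[i] < fixed[i];
  }
  return a.pre; // a pre-release of the fixed version sorts before it
}

// Returns true (affected), false (not affected) or null (unparseable, review by hand).
// Conservative choice: pre-releases of 5.0.0 are reported as affected too.
function isAffectedTerser(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return v.nums[0] < 5 ? lessThan(v, [4, 8, 1]) : lessThan(v, [5, 14, 2]);
}

// Walk every installed copy of terser, including nested ones, but not
// packages whose name merely starts with "terser".
function findAffectedTerser(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== "node_modules/terser" && !path.endsWith("/node_modules/terser")) continue;
    const affected = isAffectedTerser(meta.version);
    if (affected !== false) hits.push({ path, version: meta.version, affected });
  }
  return hits;
}

// Constructed sample lockfile (package names and versions are illustrative).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/terser": { version: "5.14.2" },
    "node_modules/legacy-bundler/node_modules/terser": { version: "4.8.0" },
    "node_modules/other-tool/node_modules/terser": { version: "5.3.8" },
    "node_modules/terser-webpack-plugin": { version: "5.3.3" },
  },
};
console.log(findAffectedTerser(SAMPLE_LOCK));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findAffectedTerser` in place of `SAMPLE_LOCK`.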
References
Related Issues
- @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking - CVE-2025-25285
- @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Back - CVE-2025-25288
- angular vulnerable to regular expression denial of service (ReDoS) - CVE-2022-25844
- @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtrac - CVE-2025-25290
Tags: npm, terser
Last updated on April 11, 2023