Description
Versions of the terser package before 4.8.1, and from 5.0.0 up to but not including 5.14.2, are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Recommendation
Update the terser package to the latest compatible version. Version details follow:
Affected version(s): **>= 5.0.0, < 5.14.2** and **< 4.8.1**
Patched version(s): **5.14.2**, **4.8.1**
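To find which installed copies need the update, including transitive ones, the following added example (not part of the original advisory or of the terser project) scans the `packages` map of a package-lock.json for terser versions in the affected ranges. The sample lockfile and the package names `legacy-bundler` and `other-tool` are constructed for illustration, and prerelease suffixes are ignored as a simplifying assumption.

```javascript
// Flag terser entries in a package-lock.json (lockfileVersion 2/3) that fall in
// the ranges this advisory lists: < 4.8.1, or >= 5.0.0 and < 5.14.2.

// Parse "major.minor.patch"; any prerelease/build suffix is ignored (assumption:
// treating 5.0.0-beta.0 as 5.0.0 errs on the side of flagging it).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

function isAffectedTerser(version) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable or missing version: report for manual review
  if (lessThan(v, [4, 8, 1])) return true;
  return !lessThan(v, [5, 0, 0]) && lessThan(v, [5, 14, 2]);
}

// Walk the "packages" map; keys are install paths such as
// "node_modules/terser" or "node_modules/x/node_modules/terser".
function findAffectedTerser(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/terser$/.test(path)) continue;
    if (isAffectedTerser(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile, not taken from any real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/terser": { version: "5.14.2" },
    "node_modules/terser-webpack-plugin": { version: "5.3.3" },
    "node_modules/legacy-bundler/node_modules/terser": { version: "4.8.0" },
    "node_modules/other-tool/node_modules/terser": { version: "5.9.0" },
  },
};

console.log(findAffectedTerser(sampleLock));
```

Nested copies pinned by another dependency stay on the old version even after the top-level terser is upgraded, so each reported path needs its own fix.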
References
Related Issues
- Finance.js vulnerable to DoS via the seekZero() parameter - CVE-2025-56572
- Stimulsoft Dashboard.JS directory traversal vulnerability - CVE-2024-24398
- Inefficient Regular Expression Complexity in handsontable - CVE-2021-23446
- Regular Expression Denial of Service in jquery-validation - CVE-2021-21252
Tags: npm, terser
Last updated on April 11, 2023