Description
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Recommendation
Update the terser package to the latest compatible version. Followings are version details:
Affected version(s): **>= 5.0.0, < 5.14.2 < 4.8.1** Patched version(s): **5.14.2 4.8.1**
References
Related Issues
- @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Back - CVE-2025-25288
- @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtrack - CVE-2025-25289
- angular vulnerable to regular expression denial of service (ReDoS) - CVE-2022-25844
- @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtrac - CVE-2025-25290
You might also like:
- Tags:
- npm
- terser
Anything's wrong? Let us know Last updated on April 11, 2023


