Description
The terser package is vulnerable to Regular Expression Denial of Service (ReDoS) in versions before 4.8.1, and from 5.0.0 up to but not including 5.14.2, due to insecure usage of regular expressions.
Recommendation
Update the terser package to the latest compatible version. Version details follow:
Affected version(s): **>= 5.0.0, < 5.14.2** and **< 4.8.1**
Patched version(s): **5.14.2** and **4.8.1**
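One way to check a project against these ranges, as an added example that is not part of the original advisory or of the terser project: the script walks a parsed package-lock.json for every installed copy of terser, including nested ones, and flags versions in the affected ranges. The sample lockfile and its package names are constructed, and ignoring prerelease suffixes is an assumption.

```javascript
// Affected ranges from the advisory: < 4.8.1, and >= 5.0.0 < 5.14.2.
// Parse "major.minor.patch"; prerelease/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  // The 5.x line is patched in 5.14.2; anything older is patched in 4.8.1.
  if (compare(v, [5, 0, 0]) >= 0) return compare(v, [5, 14, 2]) < 0;
  return compare(v, [4, 8, 1]) < 0;
}

// Collect terser entries: lockfileVersion 2/3 "packages" map, or v1 nested "dependencies".
function findTerser(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    const isTerser = path === 'node_modules/terser' || path.endsWith('/node_modules/terser');
    // Linked workspace entries carry no version; skip them.
    if (isTerser && info.version) hits.push({ path, version: info.version });
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${trail}/${name}`;
      if (name === 'terser') hits.push({ path, version: info.version });
      walk(info.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

function auditLock(lock) {
  return findTerser(lock).map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile (hypothetical package names, not a real project).
const sampleLock = { packages: {
  'node_modules/terser': { version: '5.14.1' },
  'node_modules/some-plugin/node_modules/terser': { version: '4.8.1' },
  'node_modules/other-plugin/node_modules/terser': { version: '4.6.13' },
} };
console.log(auditLock(sampleLock));
```

In a real project, pass `JSON.parse` of the package-lock.json contents to `auditLock`; nested copies pulled in by build plugins need updating as well as the top-level one.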
Related Issues
- @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Back - CVE-2025-25288
- angular vulnerable to regular expression denial of service (ReDoS) - CVE-2022-25844
- @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking - CVE-2025-25285
- @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtrack - CVE-2025-25289
Tags: npm, terser
Last updated on April 11, 2023