Terser insecure use of regular expressions leads to ReDoS

Description

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

Recommendation

Update the terser package to the latest compatible version. Followings are version details:

• Affected version(s): **>= 5.0.0, < 5.14.2

  < 4.8.1**

• Patched version(s): **5.14.2

  4.8.1**

References

• GHSA-4wf5-vphf-c2xc
• snyk.io
• CVE-2022-25858
• CWE-1333
• CAPEC-310
• OWASP 2021-A6

Related Issues

• angular vulnerable to regular expression denial of service (ReDoS) - CVE-2022-25844
• @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Back - CVE-2025-25288
• @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking - CVE-2025-25285
• @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtrack - CVE-2025-25289

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

terser