docs.hackerone.com

Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS

Open imhunterand opened this issue 2 years ago • 0 comments

The package terser before 4.8.1, and from 5.0.0 and before 5.14.2, is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

Upgrade terser to version 5.14.2 or later. For example:

terser@^5.14.2:
  version "5.14.2"

imhunterand, Jul 30 '22 19:07
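
A way to check a lockfile against the affected ranges stated in the issue above. This is an added example, not part of the original issue or of terser itself; it assumes a yarn.lock in the v1 text format, and the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag terser entries in a yarn.lock (v1 format) that fall in the
// affected ranges stated in the issue: < 4.8.1, or >= 5.0.0 and < 5.14.2.
function parseVersion(v) {
  // Keep only numeric major.minor.patch; pre-release tags are ignored here.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return false; // unparseable versions need manual review
  if (lessThan(v, [4, 8, 1])) return true;
  return !lessThan(v, [5, 0, 0]) && lessThan(v, [5, 14, 2]);
}

function findAffectedTerser(lockText) {
  const hits = [];
  let inTerser = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (line !== "" && !/^\s/.test(line) && !line.startsWith("#")) {
      // Entry header, e.g.  "terser@^4.1.2", terser@^4.6.3:
      const specs = line.replace(/:$/, "").split(", ").map(s => s.replace(/^"|"$/g, ""));
      // Name is the text before the last "@", so terser-webpack-plugin does not match.
      inTerser = specs.some(s => s.slice(0, s.lastIndexOf("@")) === "terser");
      continue;
    }
    const m = /^\s+version "([^"]+)"/.exec(line);
    if (m && inTerser && isAffected(m[1])) hits.push(m[1]);
  }
  return hits;
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK = [
  "# yarn lockfile v1", "",
  "terser-webpack-plugin@^4.2.3:", '  version "4.2.3"', "  dependencies:", '    terser "^5.3.4"', "",
  '"terser@^4.1.2", terser@^4.6.3:', '  version "4.8.0"', "",
  "terser@^5.3.4:", '  version "5.7.0"', "",
  "terser@^5.14.2:", '  version "5.14.2"',
].join("\n");

console.log(findAffectedTerser(SAMPLE_LOCK));
```

Transitive copies pulled in by other packages appear as their own `terser@...` entries, so each resolved version is checked separately.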