Regular Expression Denial of Service (ReDoS) vulnerability in nth-check
Introduction: This issue tracks a Regular Expression Denial of Service (ReDoS) vulnerability in the nth-check package. Both Snyk and NVD rate it CVSS 7.5 (High Severity).
Details: The vulnerability is introduced through @tryghost/[email protected] and affects versions of nth-check prior to 2.0.1.
Exploit Maturity: The exploit maturity is identified as Proof of Concept.
Detailed Paths:
Introduced through: @tryghost/[email protected] › @tryghost/[email protected] › @tryghost/[email protected] › [email protected] › [email protected] › [email protected]
Security Information:
Snyk: CVSS 7.5 - High Severity
NVD: CVSS 7.5 - High Severity
Overview: nth-check is a library used for parsing CSS nth-child expressions.
Vulnerability Description: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when parsing crafted invalid CSS nth-check expressions. The cause is the sub-pattern \s*(?:([+-]?)\s*(\d+))? in RE_NTH_ELEMENT: two quantified sub-expressions (the leading \s* and the optional group, which begins with an optional sign followed by another \s*) are adjacent and can match the same characters, so the engine tries many ways to split a long run of whitespace between them. A crafted input therefore triggers excessive backtracking during regex processing, which can result in a denial of service condition.
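The safe way to avoid this class of backtracking is to not express the grammar as a regex with adjacent quantifiers at all, but to scan the input once with an explicit cursor. The following is an added illustration of that approach for the an+b syntax nth-check handles; it is not nth-check's own code, and the function and helper names are chosen for this example.

```javascript
// Added example (not nth-check's own code): a single-pass parser for CSS
// :nth-child() arguments such as "2n+1", "odd", "even", "5", "-n + 3".
// Returns [a, b] for an+b, or throws on invalid input. Each character is
// examined once, so running time is linear in the input length no matter
// how much whitespace the input contains, and there is no backtracking.

function parseNth(formula) {
  const s = formula.trim().toLowerCase();
  if (s === 'even') return [2, 0];
  if (s === 'odd') return [2, 1];

  let i = 0;
  const n = s.length;

  // Consume any run of whitespace; a long run costs one pass, nothing more.
  const skipWs = () => {
    while (i < n && (s[i] === ' ' || s[i] === '\t' || s[i] === '\n')) i++;
  };
  // Consume an optional sign: returns +1, -1, or 0 when no sign is present.
  const readSign = () => {
    if (s[i] === '+') { i++; return 1; }
    if (s[i] === '-') { i++; return -1; }
    return 0;
  };
  // Consume a run of digits: returns the integer, or null if none were read.
  const readDigits = () => {
    const start = i;
    while (i < n && s[i] >= '0' && s[i] <= '9') i++;
    return i > start ? parseInt(s.slice(start, i), 10) : null;
  };

  let a = 0;
  let b = 0;
  const sign = readSign();
  const num = readDigits();

  if (i < n && s[i] === 'n') {
    // "an" part: both sign and coefficient are optional ("n", "-n", "+3n").
    i++;
    a = (num === null ? 1 : num) * (sign === 0 ? 1 : sign);
    skipWs();
    if (i < n) {
      // "+b" / "-b" part: the sign is mandatory, whitespace may surround it.
      const bSign = readSign();
      if (bSign === 0) {
        throw new Error(`Expected '+' or '-' at position ${i} in "${formula}"`);
      }
      skipWs();
      const bNum = readDigits();
      if (bNum === null) {
        throw new Error(`Expected digits at position ${i} in "${formula}"`);
      }
      b = bSign * bNum;
    }
  } else {
    // Plain integer "b" with an optional sign.
    if (num === null) throw new Error(`Invalid nth expression "${formula}"`);
    b = (sign === 0 ? 1 : sign) * num;
  }

  if (i !== n) {
    throw new Error(`Unexpected trailing input at position ${i} in "${formula}"`);
  }
  return [a, b];
}

// Stand-alone demonstration.
console.log(parseNth('2n+1'), parseNth('-n + 3'), parseNth('odd'));
```

Because the parser never re-reads characters, an input built from thousands of spaces is rejected or accepted in one pass; a regex with two overlapping \s* quantifiers would instead explore every possible split of that whitespace before failing.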
Remediation: Upgrade nth-check to version 2.0.1 or later. No fix is available for earlier versions, so upgrading is the only remediation path.
Proposed Changes: Update the dependency on nth-check to version 2.0.1 or later in the package.json file.
Testing: After updating the dependency, ensure that all existing functionality continues to work as expected. Perform thorough testing to verify that the vulnerability has been mitigated.
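Because nth-check enters this project transitively (see the dependency path above), a version bump in package.json only takes effect if the installed copy actually changes, and nested copies under node_modules can remain on an old release. The following added script, which is not part of this issue or of nth-check, audits an npm lockfile (lockfileVersion 2 or 3 "packages" map) for every installed copy of nth-check and flags those below 2.0.1. The lockfile object and the package names inside it are constructed for the example.

```javascript
// Added example (not part of the original issue): find every installed copy
// of nth-check in an npm lockfile, nested copies included, and report those
// older than the fixed release.

const FIXED_VERSION = '2.0.1'; // first nth-check release without the ReDoS

// Minimal comparison for plain x.y.z version strings (no prerelease handling).
// Returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walks the "packages" map of a lockfileVersion 2/3 package-lock.json and
// returns [{ path, version, vulnerable }] for each nth-check entry.
function auditNthCheck(lockfile) {
  const results = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (!path.endsWith('node_modules/nth-check') || !meta.version) continue;
    results.push({
      path,
      version: meta.version,
      vulnerable: compareVersions(meta.version, FIXED_VERSION) < 0,
    });
  }
  return results;
}

// Convenience wrapper for a real lockfile on disk.
function auditLockfileFile(file) {
  const fs = require('fs');
  return auditNthCheck(JSON.parse(fs.readFileSync(file, 'utf8')));
}

// Constructed sample: the top-level copy is fixed, but a nested copy pulled in
// by a hypothetical transitive dependency ("some-dep") is still on 1.0.2.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app' },
    'node_modules/nth-check': { version: '2.0.1' },
    'node_modules/some-dep': { version: '1.0.0' },
    'node_modules/some-dep/node_modules/nth-check': { version: '1.0.2' },
  },
};

// Stand-alone demonstration.
for (const entry of auditNthCheck(sampleLock)) {
  console.log(`${entry.path}@${entry.version}: ${entry.vulnerable ? 'VULNERABLE' : 'ok'}`);
}
```

Any path flagged as vulnerable means the package.json change did not reach that copy. For a transitive copy, npm's overrides field (or yarn's resolutions) can force nth-check to 2.0.1, after which this audit should report no vulnerable entries; that check, combined with the existing test suite, is the verification step referred to above.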