Vulnerability in path-parse v1.0.6 (CVE-2021-23343)

Open jprince opened this issue 2 years ago • 0 comments

Current behavior: The project depends on path-parse v1.0.6, which is vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

For more detail see: https://github.com/advisories/GHSA-hj48-42vr-x3v9

Expected behavior: The project already depends on the patched version of path-parse - v1.0.7 - so remediating this is a matter of removing the dependency on v1.0.6.

Environment information:

  • react version: N/A
  • @emotion/react version: multiple, including latest

jprince, Aug 15 '23 22:08
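One way to locate the remaining v1.0.6 copy, as an added example that is not part of the original issue or the project's code: it lists every resolved `path-parse` entry in a parsed npm `package-lock.json` and returns those below the patched 1.0.7, with the install path that shows which parent still pulls it in. The lockfile format, the sample data and the `legacy-tool` package name are assumptions made for illustration.

```javascript
const PATCHED = [1, 0, 7]; // fixed version named in the issue

// Compare plain x.y.z versions; prerelease/build suffixes are ignored (assumption).
function isBelow(version, floor) {
  const parts = version.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const a = parts[i] || 0;
    if (a !== floor[i]) return a < floor[i];
  }
  return false;
}

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function fromPackagesMap(packages, name) {
  const suffix = 'node_modules/' + name;
  return Object.entries(packages)
    .filter(([p]) => p === suffix || p.endsWith('/' + suffix))
    .map(([p, meta]) => ({ location: p, version: meta.version }));
}

// lockfileVersion 1: nested "dependencies" tree.
function fromDependencyTree(deps, name, trail = []) {
  const found = [];
  for (const [dep, meta] of Object.entries(deps || {})) {
    const here = trail.concat(dep);
    if (dep === name) found.push({ location: here.join(' > '), version: meta.version });
    found.push(...fromDependencyTree(meta.dependencies, name, here));
  }
  return found;
}

// Returns every resolved copy of `name` older than `floor`; link entries without a version are skipped.
function findVulnerableCopies(lock, name = 'path-parse', floor = PATCHED) {
  const copies = lock.packages
    ? fromPackagesMap(lock.packages, name)
    : fromDependencyTree(lock.dependencies, name);
  return copies.filter((c) => typeof c.version === 'string' && isBelow(c.version, floor));
}

// Constructed sample lockfile (not taken from the emotion repository);
// "legacy-tool" is a hypothetical parent package.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    'node_modules/path-parse': { version: '1.0.7' },
    'node_modules/legacy-tool/node_modules/path-parse': { version: '1.0.6' },
  },
};
console.log(findVulnerableCopies(sampleLock));
```

To run it against a real lockfile, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findVulnerableCopies`.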