Regular Expression Denial of Service (ReDoS) Security Vulnerability CVE-2021-3803

Open • shrestaz opened this issue 1 year ago • 0 comments

Vulnerability Details

Vulnerability Type: Regular Expression Denial of Service (ReDoS)
Severity: High
Vulnerable Package: [email protected]
Introduced By: [email protected] > [email protected] > [email protected]
Fixed In: [email protected]
More Info: Snyk Security Advisory

Impact

The vulnerability allows for a potential Denial of Service (DoS) attack by exploiting the regular expressions used in nth-check. Given the high severity, it poses a significant risk to systems relying on this dependency chain.

Additional Info

I had previously emailed your security email address and followed that up with your team's main email address with no acknowledgement for either of them. As this is a high security vulnerability, action towards migrating to updated cheerio (currently RC version) or patching the transitive dependency would be greatly appreciated.

shrestaz, Jul 17 '24 07:07