MEDIUM 5.3
GHSA-w8qv-6jwh-64r5
Regular Expression Denial of Service in browserslist
Details
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-23364 [ADVISORY]
- https://github.com/browserslist/browserslist/pull/593 [WEB]
- https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98 [WEB]
- https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474 [WEB]
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182 [WEB]
- https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194 [WEB]