VDB
KO
MEDIUM 5.3

GHSA-w8qv-6jwh-64r5

Regular Expression Denial of Service in browserslist

Details

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / browserslist
Introduced in: 4.0.0 Fixed in: 4.16.5
Fix npm install browserslist@4.16.5

References