Severity: moderate

    Regular Expression Denial of Service

    @progfay/scrapbox-parser

    Overview

    Impact

    Versions of @progfay/scrapbox-parser before 6.0.3 and 7.0.2 are vulnerable to Regular Expression Denial of Service (ReDoS) in DecorationNode, StrongNode and ExternalLinkNode. An attacker may be able to craft text that causes the application to consume an excessive amount of CPU.

    Remediation

    Upgrade to version 6.0.3, 7.0.2, or later.
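
A lockfile check for the remediation above, as an added example that is not part of the advisory or the project's own code. It reads the affected range as "below 6.0.3, or 7.x below 7.0.2" (an assumption drawn from the fixed versions listed), covers the `packages` map of npm lockfileVersion 2/3, and runs on a constructed sample lockfile.

```javascript
// Added example: flag lockfile entries older than the advisory's fixed releases.
// Assumption: the affected range is read as "< 6.0.3, or 7.x < 7.0.2".
const PKG = "@progfay/scrapbox-parser";
const FIXED = { pre7: [6, 0, 3], from7: [7, 0, 2] };

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; null if it is not an exact version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// Negative, zero or positive, like a sort comparator.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// true = affected, false = fixed, null = unparseable (review by hand).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;
  const c = compare(p.nums, p.nums[0] >= 7 ? FIXED.from7 : FIXED.pre7);
  // A prerelease of a fixed version (e.g. 7.0.2-rc.1) sorts before that release.
  return c < 0 || (c === 0 && p.pre);
}

// Scan the "packages" map (lockfileVersion 2/3) for installs that are not known-fixed.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/" + PKG)) continue;
    const affected = isAffected(meta.version);
    if (affected !== false) hits.push({ path, version: meta.version, affected });
  }
  return hits;
}

// Constructed sample lockfile; "demo-app" and "some-tool" are hypothetical names.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/@progfay/scrapbox-parser": { version: "7.0.1" },
  "node_modules/some-tool/node_modules/@progfay/scrapbox-parser": { version: "6.0.3" },
} };
console.log(findAffected(SAMPLE_LOCK));
```

To check a real project, pass `JSON.parse` of its `package-lock.json` to `findAffected`; entries reported with `affected: null` carry a version string that needs manual review.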


    Advisory timeline

    1. published

      Advisory Published
      Mar 1st, 2021
    2. reported

      Reported by Anonymous
      Mar 1st, 2021