Severity: moderate

    Regular Expression Denial of Service




    @progfay/scrapbox-parser before 6.0.3 and 7.0.2 are vulnerable to Regular Expression Denial of Service (ReDoS) in DecorationNode, StrongNode and ExternalLinkNode. An attacker may be able to craft text which causes the application to consume an excessive amount of CPU.


    Upgrade to version 6.0.3, or 7.0.2, or later

    Have content suggestions? Visit

    Advisory timeline

    1. published

      Advisory Published
      Mar 1st, 2021
    2. reported

      Reported by Anonymous
      Mar 1st, 2021