Noncollinear Perpendicular Microcrystalline
    Severity: high

    Regular Expression Denial of Service

    normalize-url

    Overview

    normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

    Remediation

    Upgrade to versions 4.5.1, 5.3.1, 6.0.1 or later

    Resources

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. published

      Advisory Published
      Jun 8th, 2021
    2. reported

      Reported by Anonymous
      Jun 8th, 2021