Regular Expression Denial of Service · GHSA-qx4v-6gc5-f2vv · GitHub Advisory Database · GitHub

Regular Expression Denial of Service

Moderate severity GitHub Reviewed Published Jun 20, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

esm (npm)

Affected versions

< 3.1.0

Patched versions

3.1.0

Description

A Regular Expression Denial of Service vulnerability was discovered in esm before 3.1.0. The issue is that esm's find-indexes is using the unescaped identifiers in a regex, which, in this case, causes an infinite loop.

References

Reviewed Jun 20, 2019

Published to the GitHub Advisory Database Jun 20, 2019

Last updated Jan 9, 2023