Description
Denial of Service in extension "Code Highlight" (codehighlight)
The codehighlight extension bundles a vulnerable version of the third-party JavaScript component “prism”, which is known to be vulnerable to Regular expression Denial of Service (ReDoS).
Packages
Name: brotkrueml/codehighlight (composer)
Affected versions: < 2.5.0
Fixed version: 2.5.0
5 Medium
CVSS3