Описание
Regular Expression Denial of Service in riot-compiler
Affected versions of riot-compiler are susceptible to a regular expression denial of service vulnerability.
Recommendation
Update to version 2.3.22 or later.
Пакеты
Наименование
riot-compiler
npm
Затронутые версииВерсия исправления
< 2.3.22
2.3.22
Связанные уязвимости
CVSS3: 7.5
nvd
больше 7 лет назад
The riot-compiler version version 2.3.21 has an issue in a regex (Catastrophic Backtracking) thats make it unusable under certain conditions.