Description
Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.
A flaw was found in Vue.js. Within the parseHTML() function of html-parser.ts, there is a regular expression (regex) that checks for proper closing tags in HTML. Because this regex is improperly written, passing a script containing long text triggers a regular expression denial of service (ReDoS), which can slow the process down significantly and render the application unavailable.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | cldr-emoji-annotation | Fix deferred | | |
| Red Hat Enterprise Linux 7 | firefox | Fix deferred | | |
| Red Hat Enterprise Linux 7 | thunderbird | Fix deferred | | |
| Red Hat Enterprise Linux 8 | cldr-emoji-annotation | Fix deferred | | |
| Red Hat Enterprise Linux 8 | firefox | Fix deferred | | |
| Red Hat Enterprise Linux 8 | thunderbird | Fix deferred | | |
| Red Hat Enterprise Linux 9 | cldr-emoji-annotation | Fix deferred | | |
| Red Hat Enterprise Linux 9 | firefox | Fix deferred | | |
| Red Hat Enterprise Linux 9 | firefox:flatpak/firefox | Fix deferred | | |
| Red Hat Enterprise Linux 9 | gjs | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 3.1 Low
Related vulnerabilities
Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function