CVE-2021-43838

Uncontrolled Resource Consumption in npm/jsx-slack

Identifiers

CVE-2021-43838, GHSA-55xv-f85c-248q

Package Slug

npm/jsx-slack

Vulnerability

Uncontrolled Resource Consumption

Description

jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. Users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put many JSX elements into a <blockquote> tag, an internal regular expression used for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 patched the regex used for escaping blockquote characters.
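The class of defect described above, shown as an added illustration that is not jsx-slack's code: the regex, the escaping convention (a zero-width space inserted before a line-leading ">") and the function names are hypothetical, constructed only to demonstrate how a nested quantifier in a line-prefix escaper backtracks exponentially on crafted input, how a linear-time rewrite avoids it, and how a growth-in-input-length timing check exposes the problem before release.

```javascript
// Added example (hypothetical; not jsx-slack's actual regex or code).
// Scenario: Slack mrkdwn treats a line whose first non-blank character is ">"
// as a blockquote marker, so literal text must have that marker neutralised.
// Escaping convention used here (constructed): insert a zero-width space
// before the ">" so Slack no longer sees it at the start of the line.
const ESCAPED_GT = '\u200b>';

// Hypothetical VULNERABLE escaper. The nested quantifier ([ \t]*)* can split a
// run of blanks into iterations in 2^(n-1) ways; when no ">" follows, the engine
// tries every split before giving up, so a line of n blanks costs O(2^n).
function escapeBlockquoteVulnerable(text) {
  return text.replace(/^([ \t]*)*>/gm, (m) => m.slice(0, -1) + ESCAPED_GT);
}

// Hardened escaper: same language accepted, but a single quantifier without
// nesting backtracks at most n times per line start, i.e. linear overall.
function escapeBlockquoteSafe(text) {
  return text.replace(/^[ \t]*>/gm, (m) => m.slice(0, -1) + ESCAPED_GT);
}

// Regex-free alternative: an explicit scan makes the linear bound obvious and
// is the easiest form to reason about in review.
function escapeBlockquoteNoRegex(text) {
  return text
    .split('\n')
    .map((line) => {
      let i = 0;
      while (i < line.length && (line[i] === ' ' || line[i] === '\t')) i++;
      return line[i] === '>'
        ? line.slice(0, i) + ESCAPED_GT + line.slice(i + 1)
        : line;
    })
    .join('\n');
}

// Worst-case input for the vulnerable pattern: many blanks and then a
// character that is NOT ">", so every backtracking path fails.
function worstCaseInput(n) {
  return ' '.repeat(n) + 'x';
}

// Wall-clock cost of one call, in milliseconds. A pattern is suspect when the
// cost grows much faster than the input length does.
function elapsedMs(fn, input) {
  const start = process.hrtime.bigint();
  fn(input);
  return Number(process.hrtime.bigint() - start) / 1e6;
}

// Constructed sample document: mixed blockquote markers and plain lines.
const SAMPLE = '> quoted\nplain\n  > indented\n\t>tab';

// Demo: all three escapers agree on ordinary input, but only the vulnerable
// one shows exponential growth as the blank run lengthens (sizes kept small
// so the demo finishes quickly).
for (const fn of [escapeBlockquoteVulnerable, escapeBlockquoteSafe, escapeBlockquoteNoRegex]) {
  console.log(fn.name, JSON.stringify(fn(SAMPLE)));
}
for (const n of [8, 12, 16, 20, 22]) {
  const input = worstCaseInput(n);
  console.log(
    `n=${n}: vulnerable ${elapsedMs(escapeBlockquoteVulnerable, input).toFixed(2)} ms,` +
      ` safe ${elapsedMs(escapeBlockquoteSafe, input).toFixed(2)} ms`
  );
}
```

A useful pre-release check is exactly the loop at the end: run the escaper on inputs whose length grows linearly and watch whether the time grows linearly too; a doubling of cost for each few extra characters is the signature of catastrophic backtracking, and the fix is to remove the nested quantifier or replace the regex with an explicit scan.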

Affected Versions

All versions before 4.5.2

Solution

Upgrade to version 4.5.2 or above.

Last Modified

2022-01-04
