CVE-2022-25858

Regular Expression Denial of Service (ReDoS) in npm/terser

Identifiers

CVE-2022-25858

Package Slug

npm/terser

Vulnerability

Regular Expression Denial of Service (ReDoS)

Description

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

Affected Versions

All versions before 4.8.1, all versions starting from 5.0.0 before 5.14.2

Solution

Upgrade to versions 4.8.1, 5.14.2 or above.

Last Modified

2022-07-26

source