GHSA-65xh-hh78-6454: Denial of Service in extension "Code Highlight" (codehighlight)
The codehighlight extension bundles a version of the third-party JavaScript component “prism” that is known to be vulnerable to regular expression denial of service (ReDoS).
References
- github.com/FriendsOfPHP/security-advisories/blob/master/brotkrueml/codehighlight/2021-11-10-1.yaml
- github.com/advisories/GHSA-65xh-hh78-6454
- github.com/brotkrueml/codehighlight
- github.com/brotkrueml/codehighlight/commit/c43d46ef571a3b94a6240782423ce04bfada7fd8
- typo3.org/security/advisory/typo3-ext-sa-2021-016