@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser
The ConfigCommentParser#parseJSONLikeConfig API is vulnerable to a Regular Expression Denial of Service (ReDoS) attack in its only argument.
Advisories for Npm/@Eslint/Plugin-Kit package
2025
2024
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Crafting a very large and well crafted string can increase the CPU usage and crash the program.