Regular Expression Denial of Service in underscore.string
Versions of underscore.string prior to 3.3.5 are vulnerable to Regular Expression Denial of Service (ReDoS). The function unescapeHTML is vulnerable to ReDoS due to an overly-broad regex. The slowdown is approximately 2s f characters but grows exponentially with larger inputs. Upgrade to or higher.