Skip to content

Denial of service in prismjs

high severity Published Mar 1, 2021

Package

npm prismjs (npm)

Affected versions

< 1.23.0

Patched versions

1.23.0

Description

The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.

References

CVE ID

CVE-2021-23341