Skip to content

Regular Expression Denial of Service (ReDoS)

high severity Published Jun 13, 2019 • Updated Feb 24, 2021

Package

npm diff (npm)

Affected versions

< 3.5.0

Patched versions

3.5.0

Description

A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

References

GHSA ID

GHSA-h6ch-v84p-w6p9