CVE-2022-37620/ ReDoS found in htmlminifier.js #1135
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js.
The ReDoS vulnerability can be mitigated with several best practices described here: https://snyk.io/blog/redos-and-catastrophic-backtracking/

Comments

Is anyone willing to work on this?

Any update on this?

One of the lines referred to by the CVE has the following regex Would changing it to

I stumbled upon a fork of this maintained by terser: https://www.npmjs.com/package/html-minifier-terser Probably the way to go.
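The issue body points at backtracking best practices without quoting the affected regex, so as an added example (not code from html-minifier or from anyone in this thread) here is a small Node.js check a maintainer can run against a candidate pattern before and after rewriting it. The two patterns are constructed textbook examples standing in for the unquoted regex in htmlminifier.js; the timing thresholds are assumptions tuned for a typical machine.

```javascript
// Added example: a Node.js check for catastrophic backtracking.
// Not html-minifier code. The two patterns are constructed textbook
// examples, not the regex referenced by CVE-2022-37620.

// Constructed: a nested quantifier behind an anchor. On a near-miss input
// the engine tries every way of splitting the run of 'a's between the
// inner and outer '+', so match time roughly doubles per extra character.
const VULNERABLE = /^(a+)+$/;
// Constructed: the same language with a single quantifier and no inner
// group to backtrack into, so matching is linear in the input length.
const HARDENED = /^a+$/;

// A near-miss input: n matching characters followed by one that forces the
// overall match to fail, which is what triggers the backtracking.
function nearMiss(n) {
  return "a".repeat(n) + "!";
}

// Wall-clock time of a single test() call, in milliseconds.
function timeMatch(re, input) {
  const start = process.hrtime.bigint();
  re.test(input);
  return Number(process.hrtime.bigint() - start) / 1e6;
}

// Flag a regex whose cost on near-miss input grows far faster than the
// input. Inputs of n and n+step characters are timed: a linear pattern
// stays in the microsecond range (below floorMs), an exponential one
// grows by about 2^step between the two runs. Thresholds are assumptions.
function growsSuperLinearly(re, n = 18, step = 4, ratio = 4, floorMs = 5) {
  re.test("a"); // warm up: compile the regex before timing it
  const t1 = timeMatch(re, nearMiss(n));
  const t2 = timeMatch(re, nearMiss(n + step));
  return t2 > floorMs && t2 / t1 > ratio;
}

// Check that a hardened rewrite accepts and rejects the same inputs as the
// pattern it replaces, using short (cheap) probe strings.
function sameLanguage(a, b, probes) {
  return probes.every((s) => a.test(s) === b.test(s));
}

console.log("vulnerable explodes:", growsSuperLinearly(VULNERABLE));
console.log("hardened explodes:  ", growsSuperLinearly(HARDENED));
console.log("same language:", sameLanguage(VULNERABLE, HARDENED, ["", "a", "aaaa", "ab", "aa!"]));
```

Run it under the Node.js version the project targets, since backtracking cost is an engine property rather than a property of the pattern alone.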