Regular Expression Denial of Service

2021-02-25T01:37:17
ID NODEJS:1632
Type nodejs
Reporter Anonymous
Modified 2021-02-25T01:37:43

Description

Overview

A Regular Expression Denial of Service vulnerability was discovered in esm. esm's find-indexes builds a regex from identifiers without escaping them, which, in this case, causes an infinite loop.
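
The bug class described above, as an added example that is not esm's source code: an identifier such as `$` is a regex metacharacter, so splicing it in unescaped yields a zero-length match that a global `exec()` loop never moves past. The function names, the pattern shape and the sample input are assumptions made for this illustration.

```javascript
// Hypothetical helper: escape every regex metacharacter in `text`.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")
}

// Assumed pattern shape: match a listed identifier that is not part of a longer one.
function buildPattern(names) {
  return new RegExp("(?<![\\w$])(?:" + names.join("|") + ")(?![\\w$])", "g")
}

// Vulnerable form: identifiers are spliced into the pattern verbatim.
// `maxSteps` exists only so that this demonstration terminates.
function findIndexesUnsafe(code, identifiers, maxSteps = 1000) {
  const pattern = buildPattern(identifiers)
  const indexes = []
  let match
  while ((match = pattern.exec(code)) !== null) {
    // An unescaped "$" matches the empty string at end of input, lastIndex
    // stays put, and exec() returns the same match on every iteration.
    if (indexes.length >= maxSteps) return { indexes, aborted: true }
    indexes.push(match.index)
  }
  return { indexes, aborted: false }
}

// Hardened form: escape each identifier, and step past any zero-length match
// so exec() can never return the same position twice.
function findIndexesSafe(code, identifiers) {
  const pattern = buildPattern(identifiers.map(escapeRegExp))
  const indexes = []
  let match
  while ((match = pattern.exec(code)) !== null) {
    if (match[0] === "") {
      pattern.lastIndex++
      continue
    }
    indexes.push(match.index)
  }
  return indexes
}

const sample = "$.get(x); y = $;" // constructed input, not taken from esm
console.log("unsafe aborted:", findIndexesUnsafe(sample, ["$"]).aborted)
console.log("safe indexes:", findIndexesSafe(sample, ["$"]))
```

Escaping removes the root cause; the zero-length guard is defence in depth for any pattern that can still match the empty string.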

Recommendation

Upgrade to version 3.1.0 or later.