AI Score: 7 (High)
Confidence: High
The codehighlight extension bundles a version of the third-party JavaScript component “prism” that is known to be vulnerable to Regular expression Denial of Service (ReDoS).
github.com/brotkrueml/codehighlight
github.com/brotkrueml/codehighlight/commit/c2f05e5200f1562a3fba2de1f12ee9872f883e2c
github.com/FriendsOfPHP/security-advisories/blob/master/brotkrueml/codehighlight/2021-03-16-1.yaml
typo3.org/security/advisory/typo3-ext-sa-2021-002