CVE-2023-22467
Luxon’s DateTime.fromRFC2822() on the 1.x branch before 1.38.1, the 2.x branch before 2.5.2, and the 3.x branch on 3.2.1 exhibits quadratic (N^2) complexity for some inputs, causing slowdowns for untrusted data (≈ >10k chars) and enabling (Re)DoS. Patches exist in 1.38.1, 2.5.2, and 3.2.1; a r...