3 matches found
4talent-questions-shortlist (=1.3.3), @42.nl/ui (>=1.0.7 <=1.0.9) +634 more potentially affected by CVE-2021-23346 via html-parse-stringify2 (>=1.2.1 <=2.0.1)
html-parse-stringify2 NPM version: =1.2.1, =1.0.7, =5.0.1, =0.1.0, =1.0.0, =0.2.0-alpha.1, =0.1.2, =0.9.9, =0.9.9, =6.3.0, =3.6.0, =0.3.1, =0.1.0, =0.3.0 and more
Source CVEs: CVE-2021-23346
Source advisory: OSV:GHSA-545Q-3FG6-48M7...
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...
Regular Expression Denial Of Service (ReDoS)
html-parse-stringify2 is vulnerable to regular expression denial of service (ReDoS). The vulnerability lies in the tagRE regular expression, where parsing strings with multiple ' and " characters can consume a huge amount of CPU resources...