DEBIAN-CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

CVE-2026-24001

CVE-2026-24001 concerns jsdiff, a JavaScript diff library. The description documents a denial-of-service vulnerability: if patch filenames contain line break characters (\r, \u2028, or \u2029), parsePatch can loop infinitely and exhaust memory, crashing the process. The issue affects versions pri...

GHSA-73RR-HH4G-FPGX jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

Impact Attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore...

PT-2026-3905

Name of the Vulnerable Software and Affected Versions jsdiff versions prior to 8.0.3 jsdiff versions prior to 5.2.2 jsdiff versions prior to 4.0.4 Description jsdiff is a JavaScript text differencing implementation. When processing a patch file, if the filename headers contain specific line break...

Regular Expression Denial of Service (ReDoS)

Overview diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the parsePatch and applyPatch functions if the user input passed without sanitisation. An attacker can cause the process to enter an...