DEBIAN-CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

CVE-2026-24001

CVE-2026-24001 affects the jsdiff JavaScript library. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, parsing a patch whose filename headers contain certain line break characters (\r, \u2028, or \u2029) can cause parsePatch to enter an infinite loop, leading to unbounded memory consumption and ...

GHSA-73RR-HH4G-FPGX jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

Impact Attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore...

PT-2026-3905

Name of the Vulnerable Software and Affected Versions jsdiff versions prior to 8.0.3 jsdiff versions prior to 5.2.2 jsdiff versions prior to 4.0.4 Description jsdiff is a JavaScript text differencing implementation. When processing a patch file, if the filename headers contain specific line break...

Regular Expression Denial of Service (ReDoS)

Overview diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the parsePatch and applyPatch functions if the user input passed without sanitisation. An attacker can cause the process to enter an...