0xweb (>=0.9.9 <=0.10.93), 1508-cli (>=1.0.0 <=1.0.6) +9793 more potentially affected by unknown CVE via underscore.string (>=1.1.3 <=3.3.4)

underscore.string NPM version =1.1.3, =0.9.9, =1.0.0, =1.0.0, =0.0.2, =0.1.1, =2.0.0-rc5, =0.0.1, =1.0.1, =2.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-V2P6-4MP7-3R9V...

GHSA-V2P6-4MP7-3R9V Regular Expression Denial of Service in underscore.string

Versions of underscore.string prior to 3.3.5 are vulnerable to Regular Expression Denial of Service ReDoS. The function unescapeHTML is vulnerable to ReDoS due to an overly-broad regex. The slowdown is approximately 2s for 50,000 characters but grows exponentially with larger inputs. Recommendati...