CVE-2026-24001

CVE-2026-24001 affects the jsdiff JavaScript library. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, parsing a patch whose filename headers contain certain line break characters (\r, \u2028, or \u2029) can cause parsePatch to enter an infinite loop, leading to unbounded memory consumption and ...