VDB

SNYK-JS-HTMLPARSESTRINGIFY-1079306

SNYK-JS-HTMLPARSESTRINGIFY-1079306 PUBLISHED CVSS 4.800000190734863 MEDIUM

## Overview [html-parse-stringify](https://github.com/henrikjoreteg/html-parse-stringify) is a https://github.com/henrikjoreteg/html-parse-stringify Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process. ## Remediation Upgrade `html-parse-stringify` to version 2.0.1 or higher. ## References - [GitHub Commit](https://github.com/HenrikJoreteg/html-parse-stringify/commit/c7274a48e59c92b2b7e906fedf9065159e73fe12) - [GitHub Commit](https://github.com/rayd/html-parse-stringify2/commit/7c48dbd3b0023504ac21a26ff3d00e04f3823d71) - [html-parse-stringify2 Vulnerable Code](https://github.com/rayd/html-parse-stringify2/blob/master/lib/parse.js#L2) - [html-parse-stringify Vulnerable Code](https://github.com/HenrikJoreteg/html-parse-stringify/blob/master/lib/parse.js#L2)

Risk Scores

CVSS 3.1
4.800000190734863
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:R

Affected Products

VendorProductVersions
0

Timeline

  • Mar 1, 2021 CVE Published
  • Mar 1, 2021 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›