SNYK-JS-HTMLPARSESTRINGIFY2-1079307

SNYK-JS-HTMLPARSESTRINGIFY2-1079307 PUBLISHED CVSS 4.800000190734863 MEDIUM

## Overview [html-parse-stringify2](https://www.npmjs.com/package/html-parse-stringify2) is a This is a fork of html-parse-stringify Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process. ## Remediation Upgrade `html-parse-stringify2` to version 2.0.2 or higher. ## References - [GitHub Commit](https://github.com/HenrikJoreteg/html-parse-stringify/commit/c7274a48e59c92b2b7e906fedf9065159e73fe12) - [GitHub Commit](https://github.com/rayd/html-parse-stringify2/commit/7c48dbd3b0023504ac21a26ff3d00e04f3823d71) - [html-parse-stringify2 Vulnerable Code](https://github.com/rayd/html-parse-stringify2/blob/master/lib/parse.js#L2) - [html-parse-stringify Vulnerable Code](https://github.com/HenrikJoreteg/html-parse-stringify/blob/master/lib/parse.js#L2)

Risk Scores

CVSS v3.1

4.800000190734863

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:R

Affected Products

Vendor	Product	Versions
		0

Timeline

Mar 1, 2021 CVE Published
Mar 1, 2021 CVE Updated

References

Open in Interactive Console →