SNYK-JS-HTMLPARSESTRINGIFY2-1079307
## Overview [html-parse-stringify2](https://www.npmjs.com/package/html-parse-stringify2) is a This is a fork of html-parse-stringify Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process. ## Remediation Upgrade `html-parse-stringify2` to version 2.0.2 or higher. ## References - [GitHub Commit](https://github.com/HenrikJoreteg/html-parse-stringify/commit/c7274a48e59c92b2b7e906fedf9065159e73fe12) - [GitHub Commit](https://github.com/rayd/html-parse-stringify2/commit/7c48dbd3b0023504ac21a26ff3d00e04f3823d71) - [html-parse-stringify2 Vulnerable Code](https://github.com/rayd/html-parse-stringify2/blob/master/lib/parse.js#L2) - [html-parse-stringify Vulnerable Code](https://github.com/HenrikJoreteg/html-parse-stringify/blob/master/lib/parse.js#L2)
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 0 |
Timeline
- Mar 1, 2021 CVE Published
- Mar 1, 2021 CVE Updated
References
- https://security.snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY2-1079307 advisory
- https://learn.snyk.io/lesson/redos/ technical
- https://www.npmjs.com/package/html-parse-stringify2 vendor
- https://github.com/HenrikJoreteg/html-parse-stringify/commit/c7274a48e59c92b2b7e906fedf9065159e73fe12 patch
- https://github.com/rayd/html-parse-stringify2/commit/7c48dbd3b0023504ac21a26ff3d00e04f3823d71 patch
- https://github.com/rayd/html-parse-stringify2/blob/master/lib/parse.js#L2 technical
- https://github.com/HenrikJoreteg/html-parse-stringify/blob/master/lib/parse.js#L2 technical