You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Inefficient Regular Expression Complexity in Loofah
High severity
GitHub Reviewed
Published
Dec 13, 2022
in
flavorjones/loofah
•
Updated Sep 14, 2023
Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption.
Summary
Loofah
< 2.19.1
contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption.Mitigation
Upgrade to Loofah
>= 2.19.1
.Severity
The Loofah maintainers have evaluated this as High Severity 7.5 (CVSS3.1).
References
Credit
This vulnerability was responsibly reported by @ooooooo-q (https://github.com/ooooooo-q).
References