Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `parsePatch()` and `applyPatch()` functions if the user input passed without sanitisation. An attacker can cause the process to enter an infinite loop and exhaust system memory by providing a patch with filename headers containing `\r`, `\u2028`, or `\u2029` characters or having control over patch's `patch` header for application generated patches. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `diff` to version 4.0.4, 5.2.2, 8.0.3 or higher.	<4.0.4>=5.0.0 <5.2.2<8.0.3

Regular Expression Denial of Service (ReDoS)

diff is a javascript text differencing implementation.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the parsePatch() and applyPatch() functions if the user input passed without sanitisation. An attacker can cause the process to enter an infinite loop and exhaust system memory by providing a patch with filename headers containing \r, \u2028, or \u2029 characters or having control over patch's patch header for application generated patches.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade diff to version 4.0.4, 5.2.2, 8.0.3 or higher.

<4.0.4>=5.0.0 <5.2.2<8.0.3

Go back to all versions of this package