Vulnerability: Regular Expression Denial of Service (ReDoS) in sanitize-html package
CVE-2022-25887 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.
Learn more about our Web Application Penetration Testing UK.