Vulnerability: Regular Expression Denial of Service (ReDoS) in sanitize-html package

CVE-2022-25887 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Versions of the sanitize-html package before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) because the global regular expression replacement used to remove HTML comments can be driven into catastrophic backtracking by crafted input, consuming CPU and making the sanitizer unresponsive. The impact is availability only (no confidentiality or integrity loss), as the CVSS vector reflects. Upgrade to sanitize-html 2.7.1 or later; `npm ls sanitize-html` shows which version a project resolves, including transitive copies.
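As an added illustration of the bug class this advisory describes (not sanitize-html's own code, and not the regular expression that was fixed in 2.7.1), the block below pairs a comment-stripping regex with overlapping alternatives inside a repeated group, which backtracks exponentially on an unterminated comment, against a linear-time scanner that does the same job without a regex. The pattern, the function names, the attack-input builder and the sample document are all constructed for this example.

```javascript
// Added illustration for this advisory; not sanitize-html's code.
// A comment-stripping regex whose repeated group has overlapping
// alternatives, shown next to a linear-time indexOf scanner.

// Hypothetical vulnerable pattern: `.` and `\s` both match a space, so
// every space inside a comment that never closes can be consumed two
// ways, and the engine tries all 2^n combinations before giving up.
const COMMENT_RE_BACKTRACKING = /<!--(.|\s)*?-->/g;

function stripCommentsRegex(html) {
  return html.replace(COMMENT_RE_BACKTRACKING, '');
}

// Linear-time replacement: walk the string with indexOf. An unterminated
// comment is dropped to end of input, which is how an HTML parser
// consumes it, whereas the regex above silently leaves it in place.
function stripCommentsLinear(html) {
  let out = '';
  let pos = 0;
  for (;;) {
    const start = html.indexOf('<!--', pos);
    if (start === -1) {
      return out + html.slice(pos);
    }
    out += html.slice(pos, start);
    const end = html.indexOf('-->', start + 4);
    if (end === -1) {
      return out; // unterminated comment swallows the rest
    }
    pos = end + 3;
  }
}

// Constructed attack input: a comment that opens but never closes,
// padded with n spaces. Only the regex version's cost grows with 2^n.
function attackInput(n) {
  return '<!--' + ' '.repeat(n);
}

function timeMs(fn, input) {
  const t0 = process.hrtime.bigint();
  fn(input);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Constructed sample document: one comment to drop, markup to keep.
const SAMPLE = '<p>keep</p><!-- drop me --><b>also keep</b>';

function demo() {
  console.log(stripCommentsRegex(SAMPLE));
  console.log(stripCommentsLinear(SAMPLE));
  // n is kept small so the demo finishes quickly; each +2 roughly
  // quadruples the regex time while the scanner stays flat.
  for (const n of [14, 16, 18, 20]) {
    const input = attackInput(n);
    console.log(
      `n=${n} regex=${timeMs(stripCommentsRegex, input).toFixed(1)}ms` +
      ` linear=${timeMs(stripCommentsLinear, input).toFixed(1)}ms`
    );
  }
}

demo();
```

Two things to take from running it. The timings show why a single request body of a few dozen kilobytes is enough to pin a CPU core: the cost is exponential in the padding length, not linear in the document size. And the two functions disagree on the attack input itself: the regex never matches, so `<!--` and everything after it pass through unchanged, while the scanner removes it, so a fix that only swaps the regex for a faster one also needs to decide what an unterminated comment should become.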
