Open adrianobold opened 2 years ago
https://github.com/bold-commerce/subscriptions-customer-portal/blob/272a3b659c4dbb664d8e5601f82b99ad2a94b0f2/package-lock.json#L8031
introduced by react-scripts@5.0.0 > @svgr/webpack@5.5.0 > @svgr/plugin-svgo@5.5.0 > svgo@1.3.2 > css-select@2.1.0 > nth-check@1.0.2
This issue was fixed in versions: 2.0.1
Reference:
Overview nth-check is vulnerable to Inefficient Regular Expression Complexity
Recommendation Upgrade to version 2.0.1 or later
References
https://github.com/bold-commerce/subscriptions-customer-portal/blob/272a3b659c4dbb664d8e5601f82b99ad2a94b0f2/package-lock.json#L8031
Regular Expression Denial of Service (ReDoS) [High Severity] in nth-check@1.0.2
introduced by react-scripts@5.0.0 > @svgr/webpack@5.5.0 > @svgr/plugin-svgo@5.5.0 > svgo@1.3.2 > css-select@2.1.0 > nth-check@1.0.2
This issue was fixed in versions: 2.0.1
Reference:
Medium Severity
Overview nth-check is vulnerable to Inefficient Regular Expression Complexity
Recommendation Upgrade to version 2.0.1 or later
References