Hey Karol,
I wanted to inform you about a few vulnerabilities within the code. I hope this was okay to do.
Introduced through react-scripts@5.0.0
Fixed in nth-check@2.0.1
Detailed paths
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when parsing crafted invalid CSS nth-checks, due to the sub-pattern \s*(?:([+-]?)\s*(\d+))? in RE_NTH_ELEMENT with quantified overlapping adjacency.
Also, loader-utils Prototype Pollution, loader-utils Regular Expression Denial of Service (ReDoS), nwsapi Denial of Service, minimatch Regular Expression Denial of Service (ReDoS), and terser Regular Expression Denial of Service should be updated as well.
Respectfully, ~Anane.
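
To confirm which installed copies of nth-check are still below the fixed release named in the report, the following added example (not part of the original message or of any project mentioned in it) scans the `packages` map of an npm lockfile. The function names, the `demo-app` name and every version in the sample lockfile other than react-scripts 5.0.0 and the 2.0.1 fix are constructed for illustration.

```javascript
// Added example: flag lockfile entries of a package older than its fixed version.
// TARGET and FIXED come from the report above; sampleLock is constructed data.
const TARGET = "nth-check";
const FIXED = "2.0.1";

// Compare two plain x.y.z versions; pre-release tags are ignored for simplicity.
function cmpVersion(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3).
// Keys are install paths such as "node_modules/a/node_modules/b".
function findVulnerable(lock, name = TARGET, fixed = FIXED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const parts = path.split("node_modules/").filter(Boolean)
      .map((p) => p.replace(/\/$/, ""));
    if (parts[parts.length - 1] !== name || !meta.version) continue;
    if (cmpVersion(meta.version, fixed) < 0) {
      // nestedUnder is the install location, which shows whose private copy it is.
      hits.push({ path, version: meta.version, nestedUnder: parts.slice(0, -1) });
    }
  }
  return hits;
}

// Constructed sample: a hoisted, fixed copy plus an older copy nested under svgo.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", dependencies: { "react-scripts": "5.0.0" } },
    "node_modules/react-scripts": { version: "5.0.0" },
    "node_modules/css-select": { version: "4.3.0" },
    "node_modules/nth-check": { version: "2.1.1" },
    "node_modules/svgo/node_modules/css-select": { version: "2.1.0" },
    "node_modules/svgo/node_modules/nth-check": { version: "1.0.2" },
  },
};

for (const h of findVulnerable(sampleLock)) {
  console.log(`${TARGET}@${h.version} < ${FIXED} at ${h.path}`);
}
```

Run it against a real project by replacing `sampleLock` with the parsed contents of `package-lock.json`; a nested hit can then be pinned to the fixed release with an `overrides` entry in `package.json` (npm 8.3 or later).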