Inefficient Regular Expression Complexity in @eslint/plugin-kit
Cx39aef355-ca85
- @eslint/plugin-kit
Summary
The "ConfigCommentParser#parseJSONLikeConfig" API is vulnerable to a Regular Expression Denial of Service (ReDoS) attack through its only argument. This issue affects versions of the @eslint/plugin-kit package prior to 0.3.4.
- LOW
- NETWORK
- NONE
- NONE
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
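To check whether a project still resolves an affected copy, the following added example (not code from the advisory or from the @eslint/plugin-kit project) scans an npm lockfile for installs prior to 0.3.4, including nested ones. It assumes the lockfile v2/v3 `packages` map; the function names and the `sampleLock` data are constructed for illustration.

```javascript
// Flag every resolved copy of @eslint/plugin-kit older than the fixed release.
const PACKAGE = "@eslint/plugin-kit";
const FIXED = "0.3.4"; // first version outside the affected range, per the advisory

// Parse "major.minor.patch[-prerelease][+build]" with an anchored, linear regex.
function parseVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/.exec(version);
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when the version sorts before FIXED.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable: fail closed so it gets a manual look
  const fixed = parseVersion(FIXED).nums;
  for (let i = 0; i < 3; i++) {
    if (v.nums[i] !== fixed[i]) return v.nums[i] < fixed[i];
  }
  return v.pre; // same numbers: a prerelease of 0.3.4 still sorts before 0.3.4
}

// Walk the lockfile "packages" map; keys are install paths, so transitive and
// nested copies (node_modules/x/node_modules/@eslint/plugin-kit) are covered.
function findAffected(lock) {
  const suffix = "node_modules/" + PACKAGE;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .filter(([, meta]) => isAffected(String(meta.version)))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfile (versions are illustrative, not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@eslint/plugin-kit": { version: "0.3.4" },
    "node_modules/eslint/node_modules/@eslint/plugin-kit": { version: "0.2.8" },
    "node_modules/@eslint/core": { version: "0.15.1" },
  },
};

console.log(findAffected(sampleLock));
```

For a real project, pass the parsed contents of `package-lock.json` to `findAffected` in place of `sampleLock`.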