Inefficient Regular Expression Complexity
CVE-2024-9506
Summary
Improper regular expression in Vue's "parseHTML" function leads to a potential Regular Expression Denial of Service vulnerability. This issue affects vue versions 2.0.0-alpha.1 prior to 3.0.0-alpha.0, @vue/compiler-sfc versions 2.7.0-alpha.1 through 2.7.16, vue-server-renderer versions 2.0.0-beta.1 through 2.7.16, and vue-template-compiler versions 0.1.0 through 2.7.16.
- HIGH
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- LOW
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
References
Advisory Timeline
- Published