Inefficient Regular Expression Complexity

Summary

Babel is a compiler for writing next-generation JavaScript. In affected versions of Babel, to compile regular expressions named capturing groups, Babel will generate a polyfill for the `.replace` method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to `.replace`). Generated code is vulnerable if all the following conditions are true: Using Babel to compile regular expressions named capturing groups, using the `.replace` method on a regular expression that contains named capturing groups, and the code using untrusted strings as the second argument of `.replace`. This issue affects @babel/helpers and @babel/runtime-corejs3 packages versions through 7.26.9, and 8.0.0-alpha.0 through 8.0.0-alpha.16 . Note that just updating Babel dependencies is not enough; one will also need to re-compile the code. No known workarounds are available.