AIKIDO-2024-10045

@quasar/app-webpack is vulnerable to Regular Expression Denial of Service (ReDoS)

Regular Expression Denial of Service (ReDoS), CVE-2022-37620, published Apr 24, 2024

75 (High Risk)

This Affects:

@quasar/app-webpack (JS)
Affected versions: 3.4.1 - 3.12.5
Fixed in 3.12.6

TL;DR

A Regular Expression Denial of Service (ReDoS) vulnerability was found in kangax html-minifier 4.0.0, reachable through the candidate variable in htmlminifier.js. Because this issue has not received a fix in html-minifier, the package switched to a different implementation for the HTML minifier.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

@quasar/app-webpack is vulnerable to Regular Expression Denial of Service (ReDoS) in versions 3.4.1 - 3.12.5.

How to fix this

Upgrade the @quasar/app-webpack library to the patched version, 3.12.6.