html-dom-parser is vulnerable to Regular Expression Denial of Service (ReDoS)
25
Low Risk
Affected versions of this package use a regular expression with polynomial (quadratic) worst-case backtracking to locate `<head>` and `<body>` tags in uncontrolled input, which can lead to Regular Expression Denial of Service (ReDoS). The vulnerable fragment `([^]*)` is an unbounded character class: it greedily consumes everything to the end of the input and then backs off one character at a time looking for the closing `>`. When that `>` is missing, every candidate `<head` or `<body` start position repeats the full scan, so the work grows roughly with the square of the input length. An attacker who can supply HTML to the parser could send a string with many repeated `<head` or `<body` sequences and malformed attributes, driving CPU consumption high enough to degrade or block application availability.
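The following is an added illustration of the backtracking behaviour described above, not code from html-dom-parser. The exact regex used by the library is not quoted on this page, so `VULNERABLE` is an assumed approximation built from the `[^]*` fragment the advisory names, `HARDENED` is an assumed bounded rewrite (the project's actual fix may differ), and `craftedInput` constructs a sample payload with many `<head` openers and no closing `>`:

```javascript
// Added example, not html-dom-parser's own code. VULNERABLE approximates the
// pattern shape the advisory describes; HARDENED is an assumed bounded rewrite.
const VULNERABLE = /<head\b[^]*>/i;  // [^]* runs to end of input, then backs off one char at a time
const HARDENED = /<head\b[^>]*>/i;   // [^>]* cannot pass a '>', so a failed attempt stops early

// Constructed payload: repeated "<head " openers and no '>' anywhere, so every
// start position forces a full scan of the remaining input before failing.
function craftedInput(copies) {
  return '<head a="'.repeat(copies);
}

// Run one regex over one input; returns the match result and elapsed milliseconds.
function timeMatch(re, input) {
  const start = process.hrtime.bigint();
  const matched = re.test(input);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, ms };
}

// Defensive wrapper (assumed design): reject oversized input before any regex
// runs, then use the bounded pattern. Returns the matched tag text or null.
const MAX_HTML_LENGTH = 1 << 20; // 1 MiB, an assumed cap
function findHeadTag(html) {
  if (typeof html !== 'string' || html.length > MAX_HTML_LENGTH) return null;
  const m = HARDENED.exec(html);
  return m ? m[0] : null;
}

if (typeof require !== 'undefined' && require.main === module) {
  const payload = craftedInput(2000);
  console.log('vulnerable:', timeMatch(VULNERABLE, payload));
  console.log('hardened:  ', timeMatch(HARDENED, payload));
  console.log('well-formed:', findHeadTag('<html><head lang="en"><body></body></html>'));
}
```

Note that the two patterns are not equivalent on well-formed input: on `<head><body>` the unbounded form greedily matches through the last `>` (`<head><body>`), while the bounded form stops at the first (`<head>`). A bounded rewrite therefore needs its own functional tests, which is why the length cap in `findHeadTag` is kept as a separate, pattern-independent control.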
html-dom-parser is vulnerable to Regular Expression Denial of Service (ReDoS) in versions 5.0.0 through 5.1.7. You are affected if you are running any version in that range.
Upgrade html-dom-parser to a patched version (a release above 5.1.7). Until you can upgrade, limit the size of untrusted HTML handed to the parser, since the cost grows with the square of the input length.