Intel

AIKIDO-2026-250781

@milkdown/crepe is vulnerable to Regular Expression Denial of Service (ReDoS)

Regular Expression Denial of Service (ReDoS) Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 3 days ago

28

Low Risk

This Affects:

JS@milkdown/crepe
7.21.0 - 7.21.0
Fixed in 7.21.1
Are you affected? Scan for Free

TL;DR

The built-in OpenAI and Anthropic LLM providers in the crepe editor normalize a caller-supplied provider baseURL with a regular expression (replace(/\/+$/, '')) that strips trailing slashes. On inputs containing long runs of / that are not anchored at the very end, the \/+$ sub-expression backtracks quadratically, so an application that forwards untrusted input into the provider baseURL can be driven into O(n^2) CPU time and stalled. The regex was flagged by CodeQL as js/polynomial-redos. The fix replaces it with a linear stripTrailingSlashes helper that scans characters via charCodeAt without backtracking.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and you enable the crepe AI feature with an OpenAI or Anthropic provider whose baseURL can be influenced by untrusted input.

Background info

@milkdown/crepe is vulnerable to Regular Expression Denial of Service (ReDoS) in versions 7.21.0 - 7.21.0.

How to fix this

Upgrade the @milkdown/crepe library to the patch version.