Description
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
Remediation
References
http://www.openwall.com/lists/oss-security/2016/04/20/11
http://www.securityfocus.com/bid/96409
https://nodesecurity.io/advisories/48
Related Vulnerabilities
CVE-2019-16540 Vulnerability in maven package org.jenkins-ci.plugins:support-core
CVE-2022-44729 Vulnerability in maven package org.apache.xmlgraphics:batik-transcoder
CVE-2020-7684 Vulnerability in npm package rollup-plugin-serve-favicon
CVE-2019-19771 Vulnerability in npm package fs-extar
CVE-2023-38690 Vulnerability in npm package matrix-appservice-irc