Description
slug is a module to slugify strings, even if they contain Unicode. slug is vulnerable to regular expression denial of service (ReDoS) if specially crafted untrusted input is passed to it. About 50k characters can block the event loop for 2 seconds.
Remediation
References
https://github.com/dodo/node-slug/issues/82
https://nodesecurity.io/advisories/537