A Regular expression Denial of Service flaw was found in the @progfay/scrapbox-parser package before 6.0.3, 7.0.2 for Node.js. The attacker that is able to be parsed a specially crafted text may cause the application to consume an excessive amount of CPU.
Upgrade to version 6.0.3, 7.0.2 or later.
Avoid to parse text with a lot of [ chars.
If you have any questions or comments about this advisory: * Open an issue in github.com/progfay/scrapbox-parser
{
"nvd_published_at": "2021-02-19T05:15:00Z",
"severity": "MODERATE",
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2021-02-26T19:49:07Z"
}