jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into <blockquote> tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible.
{
"cpe": "cpe:2.3:a:jsx-slack_project:jsx-slack:*:*:*:*:*:node.js:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "4.5.2"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}