GHSA-4cv2-xc5f-px8h: Denial of Service in extension "Code Highlight" (codehighlight)
The codehighlight extension bundles a vulnerable version of the 3rd party JavaScript component “prism” which is known to be vulnerable against Regular expression Denial of Service (ReDoS).
References
- github.com/FriendsOfPHP/security-advisories/blob/master/brotkrueml/codehighlight/2021-03-16-1.yaml
- github.com/advisories/GHSA-4cv2-xc5f-px8h
- github.com/brotkrueml/codehighlight
- github.com/brotkrueml/codehighlight/commit/c2f05e5200f1562a3fba2de1f12ee9872f883e2c
- typo3.org/security/advisory/typo3-ext-sa-2021-002
Code Behaviors & Features
Detect and mitigate GHSA-4cv2-xc5f-px8h with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →