Versions of papaparse prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDoS). The parse function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems, leading to Denial of Service.
Upgrade to version 5.2.0 or later.
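
To confirm the upgrade has taken effect for every copy of the package, including transitive ones, the following added example (not part of the advisory or of papaparse) scans a parsed npm lockfile for papaparse versions below 5.2.0. The function names and the sample lockfile are constructed for illustration; treating a 5.2.0 pre-release as affected follows semver ordering and is an assumption.

```javascript
// Added example (not from the advisory): find papaparse < 5.2.0 in an npm lockfile.
const FIXED = [5, 2, 0]; // first patched release named in the advisory

// Returns true/false for plain semver strings, null for anything else
// (git URLs, tarballs), which needs manual review.
function isVulnerable(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(version).trim());
  if (!m) return null;
  const nums = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i];
  }
  return Boolean(m[4]); // a 5.2.0 pre-release sorts before 5.2.0 in semver
}

function findPapaparse(lock) {
  const hits = [];
  const record = (path, info) =>
    hits.push({ path, version: info.version, vulnerable: isVulnerable(info.version) });
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/papaparse' || path.endsWith('/node_modules/papaparse')) {
      record(path, info);
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists)
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail ? `${trail} > ${name}` : name;
      if (name === 'papaparse') record(path, info);
      walk(info.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (hypothetical package names and versions).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/papaparse': { version: '5.3.2' },
    'node_modules/csv-widget/node_modules/papaparse': { version: '4.6.3' },
  },
};

for (const hit of findPapaparse(sampleLock)) {
  const status = hit.vulnerable === null ? 'REVIEW' : hit.vulnerable ? 'VULNERABLE' : 'ok';
  console.log(`${hit.path}: ${hit.version} ${status}`);
}
```

In a real project, pass `JSON.parse` of the contents of `package-lock.json` instead of `sampleLock`.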
{ "nvd_published_at": null, "github_reviewed_at": "2020-08-31T19:02:01Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-185" ] }