The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
Upgrade to version 4.5.1, 5.3.1, 6.0.1 or later.
CPE

Name | Operator | Version |
---|---|---|
normalize-url | ge | 4.3.0 <4.5.1 \|\| >=5.0.0 <5.3.1 \|\| >=6.0.0 <6.0.1 |
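
One way to apply the version table above to a project, as an added example (not part of the advisory or of the normalize-url project): it checks the `packages` map of an already-parsed `package-lock.json` (lockfileVersion 2 or 3) for installed copies in the listed ranges. The function names and the sample lockfile are constructed for illustration; the ranges follow the table, which starts the 4.x range at 4.3.0.

```javascript
// Affected ranges as [inclusive lower bound, exclusive upper bound],
// taken from the advisory's version table.
const AFFECTED = [
  [[4, 3, 0], [4, 5, 1]],
  [[5, 0, 0], [5, 3, 1]],
  [[6, 0, 0], [6, 0, 1]],
];

// Parse "major.minor.patch"; pre-release/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// Three-part numeric comparison: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return false; // unparseable version string: review by hand
  return AFFECTED.some(([lo, hi]) => compare(v, lo) >= 0 && compare(v, hi) < 0);
}

// Walk the "packages" map of a parsed package-lock.json and report every
// installed copy of normalize-url, including nested (transitive) ones.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/normalize-url')) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile fragment (not from a real project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/normalize-url': { version: '6.0.1' },
    'node_modules/got/node_modules/normalize-url': { version: '4.5.0' },
    'node_modules/cacheable-request/node_modules/normalize-url': { version: '5.3.0' },
    'node_modules/left-pad': { version: '1.3.0' },
  },
};
console.log(findAffected(sampleLock));
```

Nested copies matter here because a fixed top-level version does not replace the older copies pinned by transitive dependencies.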