EPSS
Percentile
69.6%
html-parse-stringify2 is vulnerable to regular express denial of service (ReDoS). The vulnerability exists through the regular expression of tagRE where parsing strings with multiple ' and " can consume huge amount of CPU resources.
tagRE
'
"
github.com/advisories/GHSA-545q-3fg6-48m7
github.com/HenrikJoreteg/html-parse-stringify/blob/master/lib/parse.js%23L2
github.com/HenrikJoreteg/html-parse-stringify/commit/c7274a48e59c92b2b7e906fedf9065159e73fe12
github.com/rayd/html-parse-stringify2/blob/master/lib/parse.js%23L2