GHSA-jxqq-cqm6-pfq9
GitHub Security Advisory
Regular Expression Denial of Service in slug
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Affected versions of `slug` are vulnerable to a regular expression denial of service when parsing untrusted user input.
The issue is low severity, as it takes 50,000 characters to cause the event loop to block for 2 seconds,
About 50k characters can block the event loop for 2 seconds.
## Recommendation
Update to version 0.9.2 or later.
Affected Packages
npm
slug
Affected versions:
0
(fixed in 0.9.2)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: July 4, 2025 6:27 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.