Description
slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds.
Remediation
References
https://nodesecurity.io/advisories/537
https://github.com/dodo/node-slug/issues/82
Related Vulnerabilities
CVE-2019-14863 Vulnerability in npm package angular
CVE-2020-36649 Vulnerability in npm package papaparse
CVE-2018-1000068 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2016-10654 Vulnerability in npm package sfml
CVE-2021-40146 Vulnerability in maven package org.apache.any23:apache-any23-core