Description
slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service (ReDoS) if specially crafted untrusted input is passed to it. About 50k characters can block the event loop for 2 seconds.
Remediation
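One application-side mitigation, shown as an added example that is not part of the advisory or the slug project: bound untrusted input before it reaches the slugifier, so the regex work cannot grow with attacker-supplied length. The names `boundedSlug`, `SlugInputError` and `standInSlugify`, and the 256-character cap, are assumptions made for this example.

```javascript
// Added example: bound untrusted input before it reaches a slugifier.
// Assumption: 256 is an arbitrary cap for this example; the advisory only
// says that about 50k characters block the event loop for 2 seconds.
const DEFAULT_MAX_CHARS = 256;

class SlugInputError extends Error {}

// Returns a wrapper around any slugify(string) function. The slugifier is
// injected; in an application it would be the slug module's export.
function boundedSlug(slugify, { maxChars = DEFAULT_MAX_CHARS, onOverflow = 'reject' } = {}) {
  if (typeof slugify !== 'function') throw new TypeError('slugify must be a function');
  if (!Number.isInteger(maxChars) || maxChars < 1) throw new RangeError('maxChars must be a positive integer');
  if (onOverflow !== 'reject' && onOverflow !== 'truncate') throw new RangeError('onOverflow must be "reject" or "truncate"');

  return function safeSlug(input) {
    // Non-strings are refused rather than coerced, so an array or object
    // from a JSON body cannot turn into a huge string via toString().
    if (typeof input !== 'string') throw new SlugInputError('input must be a string');
    if (input.length > maxChars) {
      if (onOverflow === 'reject') {
        throw new SlugInputError(`input is ${input.length} chars, limit is ${maxChars}`);
      }
      input = input.slice(0, maxChars); // the regex work is now bounded by maxChars
    }
    return slugify(input);
  };
}

// Stand-in slugifier constructed for this example (NOT the slug module's code).
function standInSlugify(s) {
  return s.normalize('NFKD')
    .replace(/[\u0300-\u036f]/g, '')   // drop combining accents
    .toLowerCase()
    .replace(/[^a-z0-9]+/g, '-')       // runs of other characters become one dash
    .replace(/^-|-$/g, '');            // trim a leading or trailing dash
}

const safe = boundedSlug(standInSlugify);
console.log(safe('Héllo Wörld!'));
```

The length check runs before any regular expression sees the input, which is what keeps the event loop responsive regardless of which pattern inside the slugifier backtracks.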
References
https://github.com/dodo/node-slug/issues/82
https://nodesecurity.io/advisories/537
Related Vulnerabilities
CVE-2016-10726 Vulnerability in maven package org.dspace:dspace-xmlui
CVE-2023-22467 Vulnerability in maven package org.webjars.bowergithub.moment:luxon
CVE-2021-41109 Vulnerability in npm package parse-server
CVE-2019-10365 Vulnerability in maven package org.jenkins-ci.plugins:google-kubernetes-engine
CVE-2014-3625 Vulnerability in maven package org.springframework:spring-webmvc