The normalize-url package prior to 4.5.1, 5.x prior to 5.3.1, and 6.x prior to 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
| Vulnerable Product |
|---|
| normalize-url project normalize-url |
| normalize-url project normalize-url 6.0.0 |