jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `<blockquote>` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible.
Metrics
Affected Vendors & Products
References
History
No history.
![cve-icon](/static/img/cve-icon.png)
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-12-17T18:20:11
Updated: 2024-08-04T04:10:16.268Z
Reserved: 2021-11-16T00:00:00
Link: CVE-2021-43838
![cve-icon](/static/img/cisa-icon.png)
No data.
![cve-icon](/static/img/nvd-icon.png)
Status : Modified
Published: 2021-12-17T19:15:07.683
Modified: 2024-11-21T06:29:54.097
Link: CVE-2021-43838
![cve-icon](/static/img/redhat-icon.png)
No data.