Hieki

Name of the Vulnerable Software and Affected Versions: jsx-slack versions prior to 4.5.1 Description: The issue concerns a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into the `<blockquote>` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. Recommendations: For versions prior to 4.5.1, upgrade to version 4.5.1 or later as soon as possible to patch the regex for escaping blockquote characters. For version 4.5.1, note that while it has a patched workaround, it is still vulnerable to contents with multibyte characters, so upgrading to version 4.5.2 is recommended to fully prevent catastrophic backtracking.

Name of the Vulnerable Software and Affected Versions: jsx-slack versions 4.5.1 and earlier Description: The issue is related to a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements into the `<blockquote>` tag with including multibyte characters, an internal regular expression for escaping characters may consume an excessive amount of computing resources. The patch in version 4.5.1 is insufficient for protection against this attack, as it only passes the test against ASCII characters but misses the case of multibyte characters. Recommendations: For jsx-slack versions 4.5.1 and earlier, update to version 4.5.2, which has updated regular expressions for escaping blockquote characters to prevent catastrophic backtracking. As a temporary workaround, consider restricting the use of the `<blockquote>` tag with multibyte characters until the issue is resolved.