PT-2021-23969 · Jsx-Slack · Jsx-Slack

Hieki · Published 2021-12-17 · Updated 2023-07-21 · CVE-2021-43838

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: jsx-slack versions prior to 4.5.1
Description: The issue is a regular expression denial-of-service (ReDoS). If an attacker can place a large number of JSX elements inside the <blockquote> tag, an internal regular expression used to escape blockquote characters may consume an excessive amount of computing resources.
Recommendations: For versions prior to 4.5.1, upgrade to version 4.5.1 or later as soon as possible, which patches the regex for escaping blockquote characters. Version 4.5.1 ships a patched workaround but is still vulnerable to content containing multibyte characters, so upgrading to version 4.5.2 is recommended to fully prevent catastrophic backtracking.
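The following is an added illustration of the ReDoS class the advisory names, written for this page rather than taken from jsx-slack. The two patterns are constructed stand-ins for a rule that escapes a leading ">" in blockquote content (as the "&gt;" mrkdwn entity); neither is the regular expression jsx-slack actually shipped or patched, and the helper names are assumptions. It shows why a nested quantifier backtracks catastrophically on whitespace runs that never end in ">", the linear pattern that accepts the same lines, and a growth check a reviewer can run against any candidate escape regex.

```javascript
// Added example, not jsx-slack code. Both patterns are constructed stand-ins
// for an "escape a leading '>' in blockquote content" rule.

// Vulnerable shape: the nested quantifier (\s+)* lets the engine split a run
// of n whitespace characters 2^(n-1) ways, and it tries every split before
// admitting that no ">" follows.
const VULNERABLE_RE = /^(\s+)*>/;

// Linear shape: accepts exactly the same lines, but a single quantifier
// leaves the engine nothing to backtrack over.
const SAFE_RE = /^\s*>/;

// Escape a leading ">" on each line as "&gt;" (the Slack mrkdwn entity) so
// the line is not read as the start of a new quote. `re` selects which of
// the two patterns does the matching so their cost can be compared.
function escapeLeadingQuote(text, re) {
  return text
    .split("\n")
    .map((line) => line.replace(re, (m) => m.slice(0, -1) + "&gt;"))
    .join("\n");
}

// Constructed worst-case line: a long whitespace run that never ends in ">",
// so the match must fail only after every split has been tried.
function adversarialLine(n) {
  return " ".repeat(n) + "x";
}

// Millisecond timer that works with or without the global `performance`.
function now() {
  return typeof performance !== "undefined" ? performance.now() : Date.now();
}

// Wall-clock cost of one match attempt, in milliseconds.
function timeMatch(re, input) {
  const start = now();
  re.test(input);
  return now() - start;
}

// Growth check: if adding a few characters multiplies the time by far more
// than the size ratio, the pattern is superlinear and must not see
// attacker-controlled input.
function growthReport(re, sizes) {
  return sizes.map((n) => ({ n, ms: timeMatch(re, adversarialLine(n)) }));
}

// Constructed sample content: two quoted lines and one plain line.
const sample = "> quoted\n  > indented quote\nplain line";
console.log(escapeLeadingQuote(sample, SAFE_RE));
console.log("vulnerable:", growthReport(VULNERABLE_RE, [12, 16, 20]));
console.log("linear:    ", growthReport(SAFE_RE, [12, 16, 20]));
```

Running it shows the linear pattern staying in the microsecond range at every size while the nested-quantifier pattern roughly multiplies its cost by 16 each time four whitespace characters are added; the same check applied to a real escape regex, with inputs modelled on what a user can put inside <blockquote>, is how this class of defect is caught before release.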

Tags: Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2021-43838
GHSA-55XV-F85C-248Q

Affected Products

Jsx-Slack