PT-2021-23973 · Jsx-Slack · Jsx-Slack

Hieki · Published 2021-12-17 · Updated 2022-08-09 · CVE-2021-43843

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: jsx-slack versions 4.5.1 and earlier
Description: Regular Expression Denial of Service (ReDoS). If an attacker can place a large number of JSX elements containing multibyte characters inside a <blockquote> tag, an internal regular expression used to escape blockquote characters can consume an excessive amount of computing resources through catastrophic backtracking. Because regular expression matching in JavaScript is synchronous, a single hostile input stalls the whole Node.js process that renders the message. The fix shipped in version 4.5.1 is insufficient: it was only verified against ASCII input and misses the multibyte case.
Recommendations: For jsx-slack versions 4.5.1 and earlier, update to version 4.5.2, whose regular expressions for escaping blockquote characters were rewritten to prevent catastrophic backtracking. As a temporary workaround, consider restricting use of the <blockquote> tag with untrusted content that contains multibyte characters until the upgrade is done.

Exploit · Fix · DoS · Resource Exhaustion

Related Identifiers

CVE-2021-43843
GHSA-55XV-F85C-248Q
GHSA-HP68-XHVJ-X6J6

Affected Products

Jsx-Slack