Regular Expression Denial of Service (ReDoS) Security Vulnerability CVE-2021-3803 #757

@shrestaz

Description

Vulnerability Details

Vulnerability Type: Regular Expression Denial of Service (ReDoS)
Severity: High
Vulnerable Package: nth-check@1.0.1
Introduced By: cheerio@0.22.0 > css-select@1.2.0 > nth-check@1.0.1
Fixed In: nth-check@2.0.1
More Info: Snyk Security Advisory

Impact

The vulnerability allows for a potential Denial of Service (DoS) attack by exploiting the regular expressions used in nth-check. Given the high severity, it poses a significant risk to systems relying on this dependency chain.

Additional Info

I had previously emailed your security email address and followed that up with your team's main email address with no acknowledgement for either of them. As this is a high security vulnerability, action towards migrating to updated cheerio (currently RC version) or patching the transitive dependency would be greatly appreciated.
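Added illustration (not code from the issue, from nth-check or from cheerio): a regex of the shape that makes An+B parsing super-linear, beside a hand-written linear parser of the same grammar, with a small timing harness. The regex `RE_NTH_QUADRATIC` is an assumption modelled on the reported weakness (two `\s*` runs that can both consume the same whitespace because the sign between them is optional); it is not claimed to be the exact pattern shipped in nth-check@1.0.1. Function names and the hostile input are constructed for this example.

```javascript
// Added example: quadratic-backtracking regex vs. a linear parser for CSS
// An+B formulas ("2n+1", "odd", "-n + 3"). Not the nth-check source.

// ASSUMPTION: pattern of the vulnerable shape, not the library's verbatim regex.
// The outer `\s*` and the inner `\s*` overlap because `[+\-]?` may match empty,
// so a valid prefix, n spaces and one unmatchable byte force ~n^2/2 backtracks.
const RE_NTH_QUADRATIC = /^([+\-]?\d*n)?\s*([+\-]?\s*\d+)?$/;

// Regex-based parse in the 1.x style. Returns [a, b] or null when rejected.
function parseNthRegex(formula) {
  const f = formula.trim().toLowerCase();
  if (f === "even") return [2, 0];
  if (f === "odd") return [2, 1];
  const m = RE_NTH_QUADRATIC.exec(f);
  if (!m) return null;
  let a = 0;
  if (m[1] !== undefined) {
    const coeff = m[1].slice(0, -1); // drop the trailing "n"
    a = coeff === "" || coeff === "+" ? 1 : coeff === "-" ? -1 : parseInt(coeff, 10);
  }
  const b = m[2] !== undefined ? parseInt(m[2].replace(/\s+/g, ""), 10) : 0;
  return [a, b];
}

// Linear single-pass parser for the same grammar:
//   [sign] digit* 'n'  S*  [ [sign] S* digit+ ]   (both terms optional)
// Every character is examined a bounded number of times, so there is no
// backtracking blow-up. Whitespace is limited to the ASCII set CSS allows.
function parseNthLinear(formula) {
  const f = formula.trim().toLowerCase();
  if (f === "even") return [2, 0];
  if (f === "odd") return [2, 1];

  const n = f.length;
  let i = 0;
  const isDigit = (c) => c >= "0" && c <= "9";
  const isSpace = (c) => c === " " || c === "\t" || c === "\n" || c === "\r" || c === "\f";
  const skipSpace = () => { while (i < n && isSpace(f[i])) i++; };
  // Optional sign: -1 for "-", +1 for "+" or when absent.
  const readSign = () => (i < n && (f[i] === "+" || f[i] === "-") ? (f[i++] === "-" ? -1 : 1) : 1);
  // Digit run: the integer, or null when no digit is present at the cursor.
  const readInt = () => { const s = i; while (i < n && isDigit(f[i])) i++; return i > s ? parseInt(f.slice(s, i), 10) : null; };

  let a = 0, b = 0;

  // Term 1: [sign] digit* 'n'; rewind if the 'n' is missing.
  let save = i;
  let sign = readSign();
  let num = readInt();
  if (i < n && f[i] === "n") { i++; a = sign * (num === null ? 1 : num); }
  else i = save;

  skipSpace();

  // Term 2: [sign] S* digit+; rewind if no digits follow.
  save = i;
  sign = readSign();
  skipSpace();
  num = readInt();
  if (num !== null) b = sign * num;
  else i = save;

  return i === n ? [a, b] : null; // trailing garbage rejects the formula
}

// Constructed hostile input: valid prefix, `spaces` spaces, one byte that can
// never match. Returns wall-clock milliseconds for each parser.
function timeParsers(spaces) {
  const hostile = "2n" + " ".repeat(spaces) + "!";
  const t0 = performance.now();
  const regexResult = parseNthRegex(hostile);
  const t1 = performance.now();
  const linearResult = parseNthLinear(hostile);
  const t2 = performance.now();
  return { spaces, regexMs: t1 - t0, linearMs: t2 - t1, regexResult, linearResult };
}

// Doubling the whitespace roughly quadruples the regex time; the linear parser stays flat.
for (const spaces of [2000, 4000, 8000]) {
  const r = timeParsers(spaces);
  console.log(`${r.spaces} spaces: regex ${r.regexMs.toFixed(1)} ms, linear ${r.linearMs.toFixed(2)} ms`);
}
```

Both parsers accept and reject the same formulas; only the cost on a rejected tail differs, which is exactly what an attacker-controlled selector exploits. To confirm which version a project actually resolves, `npm ls nth-check` prints the dependency chain; an npm `overrides` entry (or Yarn `resolutions`) can pin the transitive dependency to 2.0.1 until cheerio itself is upgraded.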
