CVE-2022-25858 Information

Description

Versions of the package terser before 4.8.1, and from 5.0.0 and before 5.14.2, are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

Reference

https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722
https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012
https://snyk.io/vuln/SNYK-JS-TERSER-2806366
https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135
