CVSS (CVSS_V3)
7.5
Status
Fixed version
2.8.4-r0
Impact
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js. The ReDoS vulnerability can be mitigated with several best practices described here: https://snyk.io/blog/redos-and-catastrophic-backtracking/. The issue is still open and has not been fixed yet: https://github.com/kangax/html-minifier/issues/1135