JavaScript| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| terminal-kit | npm |
| < 2.1.8 |
| 2.1.8 |
Miggo AIRoot Cause AnalysisThe commit diff shows the regex in misc.markupWidth was modified to prevent ReDoS. The original regex pattern had inefficient complexity due to an unrestricted quantifier in the character class [^]]*. This matches the CWE-1333 description and the vulnerability's focus on regex inefficiency. The patch explicitly targets this function's regex, and the GHSA advisory confirms the exploit involved strings like '^['.repeat(bigNumber).
KEV Misses 88% of Exploited CVEs- Get the report
