IxtliHIGHCVE-2026-24001npmCVSS 7.5
diff
Published
Description
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch
Affected Versions
>=6.0.0>=5.0.0>=4.0.0>=0
FIXED VERSIONS4.0.43.5.15.2.28.0.3
References
WEBhttps://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgxADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-24001WEBhttps://github.com/kpdecker/jsdiff/issues/653WEBhttps://github.com/kpdecker/jsdiff/pull/649WEBhttps://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5PACKAGEhttps://github.com/kpdecker/jsdiff