vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-1333

vuejs Vue CLI 安全漏洞

vuejs Vue CLI是Vue开源的一个基于webpack的Vue.js开发工具。 vuejs Vue CLI 5.0.8及之前版本存在安全漏洞，该漏洞源于函数HtmlPwaPlugin存在低效正则表达式复杂性。

N/A

N/A