CVE Details
Basic Information
| Title | vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos |
|---|---|
| Type | cve |
| Published | 2025-06-09T21:00:17.023Z |
| Last Seen |
Product Information
| Vendor | vuejs |
|---|---|
| Product | vue-cli |
| Version | 5.0.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A regular expression denial of service (ReDoS) vulnerability was discovered in Vue CLI’s HtmlPwaPlugin, affecting versions up to 5.0.8. This issue can lead to inefficient regular expression complexity when processing crafted markdown content, potentially causing performance degradation. |
|---|---|
| AI Severity | Medium |
| Vendor | Vue.js Team |
| Product | Vue CLI |
| Affected Version | 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8 |
Affected Products
- vuejs vue-cli 5.0.0
- vuejs vue-cli 5.0.1
- vuejs vue-cli 5.0.2
- vuejs vue-cli 5.0.3
- vuejs vue-cli 5.0.4
- vuejs vue-cli 5.0.5
- vuejs vue-cli 5.0.6
- vuejs vue-cli 5.0.7
- vuejs vue-cli 5.0.8
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-1333, CWE-400 |
| Bulletin Family |
References
Description
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.