Skip to main content

Jsdiff

1 CVEs product

Monthly

CVE-2026-24001 npm LOW PATCH Monitor

Denial-of-service in jsdiff versions prior to 8.0.3, 5.2.2, 4.0.4, and 3.5.1 allows unauthenticated remote attackers to crash applications by providing maliciously crafted patches with line break characters in filename headers, triggering an infinite loop that exhausts system memory. Applications calling parsePatch with user-supplied input are vulnerable regardless of input size restrictions. A patch is available for all affected versions.

Denial Of Service Jsdiff
NVD GitHub VulDB
CVSS 4.0
2.7
EPSS
0.0%
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Denial-of-service in jsdiff versions prior to 8.0.3, 5.2.2, 4.0.4, and 3.5.1 allows unauthenticated remote attackers to crash applications by providing maliciously crafted patches with line break characters in filename headers, triggering an infinite loop that exhausts system memory. Applications calling parsePatch with user-supplied input are vulnerable regardless of input size restrictions. A patch is available for all affected versions.

Denial Of Service Jsdiff
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy