[wp-trac] [WordPress Trac] #63903: Vulnerable dependency: @babel/runtime 7.25.7 in WordPress packages
WordPress Trac
noreply at wordpress.org
Mon Sep 1 04:52:18 UTC 2025
#63903: Vulnerable dependency: @babel/runtime 7.25.7 in WordPress packages
--------------------------+-----------------------------
 Reporter:  Bjorn2404     |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  trunk
 Severity:  normal        |   Keywords:
  Focuses:  javascript    |
--------------------------+-----------------------------
The following WordPress packages contain a vulnerable version of
@babel/runtime (7.25.7) that is susceptible to Regular Expression Denial
of Service (ReDoS) attacks.
Affected packages:
- @wordpress/icons at 10.17.0
- @wordpress/element at 6.17.0
- @wordpress/escape-html at 3.17.0
Vulnerability: SNYK-JS-BABELRUNTIME-10044504
CVE: Available in Snyk database
The vulnerable regex patterns in @babel/runtime 7.25.7 can cause
significant performance degradation when processing certain input
patterns. This has been patched in @babel/runtime 7.26.0+.
Please see: https://security.snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63903>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
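
To see which installed packages carry their own copy of the dependency named in the ticket above, a lockfile check can be run in the consuming project. This is an added example, not part of the ticket and not WordPress or Snyk code; the sample lockfile is constructed, and the 7.26.0 floor is the value the ticket states.

```javascript
// Added example, not WordPress or Snyk code. Reads an npm lockfile
// (lockfileVersion 2 or 3, "packages" map) and reports installed copies
// of a package that sit below a version floor.

// Numeric x.y.z comparison; any prerelease suffix is ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Keys look like "node_modules/a/node_modules/@babel/runtime"; the owner of
// a nested copy is the package whose node_modules directory holds it.
function findBelowFloor(lock, name, floor) {
  const suffix = 'node_modules/' + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith('/' + suffix)) continue;
    if (!meta.version || compareVersions(meta.version, floor) >= 0) continue;
    const parent = path.slice(0, -suffix.length).replace(/\/$/, '');
    const owner = parent ? parent.split('node_modules/').pop() : '(hoisted to root)';
    hits.push({ path, version: meta.version, owner });
  }
  return hits;
}

// Constructed sample lockfile; package versions are the ones in the ticket.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-site', version: '1.0.0' },
    'node_modules/@babel/runtime': { version: '7.27.0' },
    'node_modules/@wordpress/element': { version: '6.17.0' },
    'node_modules/@wordpress/element/node_modules/@babel/runtime': { version: '7.25.7' },
    'node_modules/@wordpress/escape-html': { version: '3.17.0' },
    'node_modules/@wordpress/escape-html/node_modules/@babel/runtime': { version: '7.25.7' },
  },
};

// Floor as stated in the ticket; confirm it against the linked advisory.
const hits = findBelowFloor(sampleLock, '@babel/runtime', '7.26.0');
for (const h of hits) console.log(`${h.owner}: @babel/runtime ${h.version} at ${h.path}`);
```

In a real project, pass the parsed contents of package-lock.json in place of sampleLock; a hoisted root copy at or above the floor does not help packages that pin and nest their own older copy.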