tarteaucitron.js Regular Expression Denial-of-Service Vulnerability

Vulnerability

A Regular Expression Denial-of-Service (ReDoS) vulnerability exists in tarteaucitron.js versions prior to 1.29.0. The issue arises in the processing of the 'issuu_id' parameter, where insufficiently constrained regular expressions can be driven into excessive backtracking by crafted input. The result is high CPU usage and potential service disruption.

Impact

Exploitation of this vulnerability can cause significant CPU exhaustion, degrading performance and temporarily disrupting service availability.

Remediation

Upgrade to tarteaucitron.js version 1.29.0 or later to address this vulnerability.
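As an added illustration (not tarteaucitron.js's own code, and not the library's actual 'issuu_id' pattern, which this advisory does not reproduce), the Node.js snippet below contrasts a hypothetical ambiguously quantified pattern of the kind that backtracks exponentially on a non-matching input with a bounded, anchored character-class pattern plus a length cap, which is the validator shape that keeps this class of check linear. The pattern names, the validateId helper and the constructed inputs are assumptions made for the example.

```javascript
// Added example; hypothetical patterns, not tarteaucitron.js's own code.
// Shows why an ambiguous, nested quantifier backtracks exponentially on a
// non-matching input, and how a bounded character class plus a length cap
// keeps id validation linear in the input length.

// Hypothetical risky pattern: the group ([a-z0-9]+[_-]?) can split a run of
// n letters in 2^(n-1) ways because the separator is optional, so a trailing
// character that can never match forces the engine through all of them.
const RISKY_ID_PATTERN = /^([a-z0-9]+[_-]?)+$/;

// Hardened pattern: one character class, explicit upper bound, anchored.
// No nested or ambiguous quantifiers, so matching is linear.
const MAX_ID_LENGTH = 64;
const SAFE_ID_PATTERN = /^[a-z0-9_-]{1,64}$/;

// Validate a hypothetical issuu_id-style value with the safe pattern.
// Returns the id on success, or null when it is rejected.
function validateId(value) {
  if (typeof value !== 'string') return null;
  // Reject oversized input before any regex runs: this bounds the work even
  // if a pattern later turns out to be worse than expected.
  if (value.length > MAX_ID_LENGTH) return null;
  return SAFE_ID_PATTERN.test(value) ? value : null;
}

// Constructed non-matching input: n valid characters followed by one that can
// never match, so the regex must fail and backtrack.
function adversarialInput(n) {
  return 'a'.repeat(n) + '!';
}

// Measure how long pattern.test takes on input, in milliseconds.
function matchMillis(pattern, input) {
  const start = process.hrtime.bigint();
  pattern.test(input);
  return Number(process.hrtime.bigint() - start) / 1e6;
}

// Demo: the risky pattern's cost roughly doubles per added character, the
// safe pattern's stays flat. Timings vary by machine; the lengths are kept
// small so the demo finishes quickly.
for (const n of [12, 16, 20]) {
  const input = adversarialInput(n);
  console.log(
    `n=${n}: risky ${matchMillis(RISKY_ID_PATTERN, input).toFixed(1)} ms, ` +
    `safe ${matchMillis(SAFE_ID_PATTERN, input).toFixed(3)} ms`
  );
}
```

In a browser the regex runs on the main thread, so a pattern like RISKY_ID_PATTERN fed a long crafted value freezes the page rather than just a worker; checking the length first and using a single bounded character class removes the ambiguity the backtracking depends on.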

Added: Jan 13, 2026, 8:40 PM
Updated: Jan 13, 2026, 8:40 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.1
remediation: 7.7
relevance: 2.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.