Home > Vulnerability Database > WS-2020-0208

Mend.io Vulnerability Database

WS-2020-0208

Good to know:

Date: August 19, 2025

If are you are using Highlight.js to highlight user-provided data you are possibly vulnerable. On the client-side (in a browser or Electron environment) risks could include lengthy freezes or crashes... On the server-side infinite freezes could occur... effectively preventing users from accessing your app or service (ie, Denial of Service). This is an issue with grammars shipped with the parser (and potentially 3rd party grammars also), not the parser itself. If you are using Highlight.js with any of the following grammars you are vulnerable. If you are using highlightAuto to detect the language (and have any of these grammars registered) you are vulnerable.

Language: JS

Severity Score

5.5

Related Resources (5)

Url: https://github.com/highlightjs/highlight.js/security/advisories/GHSA-7wwv-vh3v-89cq

Url: https://github.com/highlightjs/highlight.js/commit/373b9d862401162e832ce77305e49b859e110f9c

Url: https://www.npmjs.com/package/highlight.js

Url: https://www.npmjs.com/package/@highlightjs/cdn-assets

Url: https://www.mend.io/vulnerability-database/WS-2020-0208

Severity Score

5.5

Weakness Type (CWE)

Environment

CWE-2

Improper Input Validation

CWE-20

Uncontrolled Resource Consumption

CWE-400

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2020-0208

Good to know:

Date: August 19, 2025

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?