{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"MODERATE\"}"}}}], "affected": [{"vendor": "npm", "product": "@babel/helpers", "versions": [{"status": "affected", "version": "0", "lessThan": "7.26.10", "versionType": "semver"}, {"status": "affected", "version": "8.0.0-alpha.0", "lessThan": "8.0.0-alpha.17", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "npm", "product": "@babel/runtime", "versions": [{"status": "affected", "version": "0", "lessThan": "7.26.10", "versionType": "semver"}, {"status": "affected", "version": "8.0.0-alpha.0", "lessThan": "8.0.0-alpha.17", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "npm", "product": "@babel/runtime-corejs2", "versions": [{"status": "affected", "version": "0", "lessThan": "7.26.10", "versionType": "semver"}, {"status": "affected", "version": "8.0.0-alpha.0", "lessThan": "8.0.0-alpha.17", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "npm", "product": "@babel/runtime-corejs3", "versions": [{"status": "affected", "version": "0", "lessThan": "7.26.10", "versionType": "semver"}, {"status": "affected", "version": "8.0.0-alpha.0", "lessThan": "8.0.0-alpha.17", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/babel/babel"}, {"url": "https://github.com/babel/babel/commit/d5952e80c0faa5ec20e35085531b6e572d31dad4"}, {"url": "https://github.com/babel/babel/pull/17173"}, {"url": "https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8"}, {"url": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-27789"}], "descriptions": [{"lang": "en", "value": "### Impact\n\nWhen using Babel to compile [regular expression named capturing groups](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Regular_expressions/Named_capturing_group), Babel will generate a polyfill for the `.replace` method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to `.replace`).\n\nYour generated code is vulnerable if _all_ the following conditions are true:\n- You use Babel to compile [regular expression named capturing groups](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Regular_expressions/Named_capturing_group)\n- You use the `.replace` method on a regular expression that contains named capturing groups\n- **Your code uses untrusted strings as the second argument of `.replace`**\n\nIf you are using `@babel/preset-env` with the [`targets`](https://babeljs.io/docs/options#targets) option, the transform that injects the vulnerable code is automatically enabled if:\n- you use [_duplicated_ named capturing groups](https://github.com/tc39/proposal-duplicate-named-capturing-groups), and target any browser older than Chrome/Edge 126, Opera 112, Firefox 129, Safari 17.4, or Node.js 23\n- you use any [named capturing groups](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Regular_expressions/Named_capturing_group), and target any browser older than Chrome 64, Opera 71, Edge 79, Firefox 78, Safari 11.1, or Node.js 10\n\nYou can verify what transforms `@babel/preset-env` is using by enabling the [`debug` option](https://babeljs.io/docs/babel-preset-env#debug).\n\n\n### Patches\n\nThis problem has been fixed in `@babel/helpers` and `@babel/runtime` 7.26.10 and 8.0.0-alpha.17, please upgrade. It's likely that you do not directly depend on `@babel/helpers`, and instead you depend on `@babel/core` (which itself depends on `@babel/helpers`). 
Upgrading to `@babel/core` 7.26.10 is not required, but it guarantees that you are on a new enough `@babel/helpers` version.\n\nPlease note that just updating your Babel dependencies is not enough: you will also need to re-compile your code.\n\n### Workarounds\n\nIf you are passing user-provided strings as the second argument of `.replace` on regular expressions that contain named capturing groups, validate the input and make sure it does not contain the substring `$<` if it's then not followed by `>` (possibly with other characters in between).\n\n### References\n\nThis vulnerability was reported and fixed in https://github.com/babel/babel/pull/17173."}, {"lang": "en", "value": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups"}], "providerMetadata": {"orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558", "shortName": "npm", "dateUpdated": "2025-03-11T20:30:18Z", "x_subShortName": "npm"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}], "affected": [{"vendor": "canonical", "product": "node-babel-cli", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-code-frame", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-core", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-generator", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-bindify-decorators", 
"platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-builder-binary-assignment-operator-visitor", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-builder-react-jsx", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-call-delegate", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-define-map", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-explode-assignable-expression", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-explode-class", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-function-name", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-get-function-arity", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-hoist-variables", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-optimise-call-expression", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-regex", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-remap-async-to-generator", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helper-replace-supers", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-helpers", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": 
"canonical", "product": "node-babel-messages", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-external-helpers", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-async-functions", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-async-generators", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-class-constructor-call", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-class-properties", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-decorators", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-do-expressions", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-dynamic-import", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-exponentiation-operator", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-export-extensions", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-flow", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-function-bind", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-jsx", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": 
"node-babel-plugin-syntax-object-rest-spread", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-syntax-trailing-function-commas", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-async-generator-functions", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-async-to-generator", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-class-constructor-call", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-class-properties", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-decorators", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-do-expressions", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-es3-member-expression-literals", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-es3-property-literals", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-exponentiation-operator", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-export-extensions", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-flow-strip-types", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-function-bind", "platforms": 
["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-jscript", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-object-rest-spread", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-proto-to-assign", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-react-display-name", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-react-jsx", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-react-jsx-self", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-react-jsx-source", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-regenerator", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-runtime", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-plugin-transform-strict-mode", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-polyfill", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-preset-es2015", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-preset-es2016", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-preset-es2017", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", 
"product": "node-babel-preset-flow", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-preset-latest", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-preset-react", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-preset-stage-0", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-preset-stage-1", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-preset-stage-2", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-preset-stage-3", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-register", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-runtime", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-template", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-traverse", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel-types", "platforms": ["bionic", "focal"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel7", "platforms": ["jammy", "noble", "resolute"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel7-runtime", "platforms": ["jammy", "noble", "resolute"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel7-standalone", "platforms": ["jammy", "noble", "resolute"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "node-babel7-debug", "platforms": ["noble", "resolute"], "defaultStatus": "unknown"}], "references": [{"url": 
"https://ubuntu.com/security/CVE-2025-27789"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"}], "descriptions": [{"lang": "en", "value": "Babel is a compiler for writing next generation JavaScript. When usingversions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regularexpression named capturing groups, Babel will generate a polyfill for the`.replace` method that has quadratic complexity on some specificreplacement pattern strings (i.e. the second argument passed to`.replace`). Generated code is vulnerable if all the following conditionsare true: Using Babel to compile regular expression named capturing groups,using the `.replace` method on a regular expression that contains namedcapturing groups, and the code using untrusted strings as the secondargument of `.replace`. This problem has been fixed in `@babel/helpers` and`@babel/runtime` 7.26.10 and 8.0.0-alpha.17. It's likely that individualusers do not directly depend on `@babel/helpers`, and instead depend on`@babel/core` (which itself depends on `@babel/helpers`). Upgrading to`@babel/core` 7.26.10 is not required, but it guarantees use of a newenough `@babel/helpers` version. Note that just updating Babel dependenciesis not enough; one will also need to re-compile the code. 
No known workarounds are available."}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-03-11T20:15:00Z", "x_subShortName": "canonical"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/babel/babel/pull/17173"}, {"url": "https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8"}], "descriptions": [{"lang": "en", "value": "Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the `.replace` method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to `.replace`). Generated code is vulnerable if all the following conditions are true: Using Babel to compile regular expression named capturing groups, using the `.replace` method on a regular expression that contains named capturing groups, and the code using untrusted strings as the second argument of `.replace`. This problem has been fixed in `@babel/helpers` and `@babel/runtime` 7.26.10 and 8.0.0-alpha.17. It's likely that individual users do not directly depend on `@babel/helpers`, and instead depend on `@babel/core` (which itself depends on `@babel/helpers`). Upgrading to `@babel/core` 7.26.10 is not required, but it guarantees use of a new enough `@babel/helpers` version. 
Note that just updating Babel dependencies is not enough; one will also need to re-compile the code. No known workarounds are available."}, {"lang": "es", "value": "Babel es un compilador para escribir JavaScript de nueva generación. Al usar versiones de Babel anteriores a la 7.26.10 y 8.0.0-alpha.17 para compilar grupos de captura con nombre de expresiones regulares, Babel generará un polyfill para el método `.replace` con complejidad cuadrática en algunas cadenas de patrones de reemplazo específicas (es decir, el segundo argumento pasado a `.replace`). El código generado es vulnerable si se cumplen todas las siguientes condiciones: usar Babel para compilar grupos de captura con nombre de expresiones regulares, usar el método `.replace` en una expresión regular que contenga grupos de captura con nombre y usar cadenas no confiables como segundo argumento de `.replace`. Este problema se ha corregido en `@babel/helpers` y `@babel/runtime` 7.26.10 y 8.0.0-alpha.17. Es probable que los usuarios individuales no dependan directamente de `@babel/helpers`, sino de `@babel/core` (que a su vez depende de `@babel/helpers`). No es necesario actualizar a `@babel/core` 7.26.10, pero garantiza el uso de una versión suficientemente nueva de `@babel/helpers`. Tenga en cuenta que actualizar las dependencias de Babel no es suficiente; también será necesario recompilar el código. No se conocen workarounds."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1333", "description": "CWE-1333"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "DISCARDED_CNA", "dateUpdated": "2025-03-11T20:15:18Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2025-27789", "state": "PUBLISHED", "dateUpdated": "2025-03-11T20:15:18Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-03-11T20:15:18Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.0"}