From 8015c473eb1b9c3086de8470358d8d0bd93b9c62 Mon Sep 17 00:00:00 2001
From: Balu Rathod
Date: Fri, 8 Aug 2025 14:14:45 -0700
Subject: [PATCH] Fix ReDoS vulnerability in tagregex1 CVE-2024-22363 for Package: npm/xlsx and Version: 0.18.5
---
 bits/22_xmlutils.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bits/22_xmlutils.js b/bits/22_xmlutils.js
index 1e0504d..12ef0d6 100644
--- a/bits/22_xmlutils.js
+++ b/bits/22_xmlutils.js
@@ -1,6 +1,6 @@
 var XML_HEADER = '\r\n';
 var attregexg=/([^"\s?>\/]+)\s*=\s*((?:")([^"]*)(?:")|(?:')([^']*)(?:')|([^'">\s]+))/g;
-var tagregex1=/<[\/\?]?[a-zA-Z0-9:_-]+(?:\s+[^"\s?>\/]+\s*=\s*(?:"[^"]*"|'[^']*'|[^'">\s=]+))*\s*[\/\?]?>/mg, tagregex2 = /<[^>]*>/g;
+var tagregex1=/<[\/\?]?[a-zA-Z0-9:_-]+(?:\s+[^"\s?>\/]+\s*=\s*(?:"[^"]*"|'[^']*'|[^'">\s=]+))*\s*[\/\?]?>/g, tagregex2 = /<[^>]*>/g;
 var tagregex = /*#__PURE__*/XML_HEADER.match(tagregex1) ? tagregex1 : tagregex2;
 var nsregex=/<\w*:/, nsregex2 = /<(\/?)\w+:/;
 function parsexmltag(tag/*:string*/, skip_root/*:?boolean*/, skip_LC/*:?boolean*/)/*:any*/ {
-- 
2.34.1
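Review bot: The only difference between the old and new `tagregex1` lines is the flag set (`/mg` becomes `/g`), and the pattern has no `^` or `$` anchors outside character classes, so dropping `m` changes neither what the regex matches nor how much work a failed match does; as written this does not address the ReDoS named in the subject. The cost comes from the pattern body: the attribute-name class `[^"\s?>\/]+` and the unquoted-value class `[^'">\s=]+` both accept `<`, so a failed attempt is not bounded by the next tag start. A likely fix is to exclude `<` from both classes, i.e. `[^"\s?<>\/]+` and `[^'"<>\s=]+`, but this should be checked against the upstream fix for CVE-2024-22363 rather than taken from this note. A regression test that runs `tagregex1` over malformed input under a time bound would confirm whichever change is chosen.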