CVE-2025-27789 is detected in this package #3890
Description
Describe the bug
okta-signin-widget reposts CVE-2025-27789.
Reproduction Steps
Run yarn audit in the project using this package.
| Item | Details |
|---|---|
| Severity | moderate |
| Description | Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups |
| Package | @babel/runtime |
| Patched in | >=7.26.10 |
| Dependency of | @okta/okta-signin-widget |
| Path | @okta/okta-signin-widget > @okta/okta-auth-js > broadcast-channel > @babel/runtime |
| More info | https://www.npmjs.com/advisories/1104000 |
SDK Versions
System:
OS: macOS 15.7
CPU: (12) arm64 Apple M3 Pro
Memory: 121.13 MB / 36.00 GB
Shell: 5.9 - /bin/zsh
Binaries:
Node: 22.18.0 - ~/.nodenv/versions/22.18.0/bin/node
Yarn: 1.22.22 - /opt/homebrew/bin/yarn
npm: 10.9.3 - ~/.nodenv/versions/22.18.0/bin/npm
Browsers:
Chrome: 140.0.7339.207
Safari: 26.0.1
npmPackages:
@okta/okta-signin-widget: 7.35.1 => 7.35.1
Additional Information
No response