The Express XSS Sanitizer package for Node.js, up to version 2.0.0, is vulnerable to an unbounded recursion issue in its 'sanitize' function found in lib/sanitize.js. This vulnerability can be exploited through specially crafted JSON request bodies, leading to potential denial of service and degradation of application performance. Developers using this package should review their implementations and upgrade to secure versions to mitigate risks.
https://securityvulnerability.io/vulner ... 2025-59364
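Beyond upgrading, a defender can bound JSON nesting depth before any recursive sanitizer runs. The guard below is an added example, not code from express-xss-sanitizer; it assumes an Express-style middleware chain (mounted after express.json() and before the sanitizer), and the 32-level limit is an assumed value to tune per API.

```javascript
// Added example, not code from express-xss-sanitizer: a depth guard for parsed
// JSON bodies, mounted after express.json() and before the sanitizer so an
// over-nested body never reaches a recursive sanitize() call. The 32-level
// limit is an assumption; tune it to the API's real schemas.
const DEFAULT_MAX_DEPTH = 32;
// Iterative (breadth-first) depth of a parsed JSON value, so the guard itself
// cannot exhaust the stack; stops as soon as depth exceeds `limit`.
// Depth counts container levels: a primitive is 0, {} or [] is 1.
function jsonDepth(value, limit = DEFAULT_MAX_DEPTH) {
  let depth = 0;
  let frontier = value !== null && typeof value === 'object' ? [value] : [];
  while (frontier.length > 0) {
    depth += 1;
    if (depth > limit) return depth; // body will be rejected; stop walking
    const next = [];
    for (const node of frontier) {
      for (const child of Object.values(node)) {
        if (child !== null && typeof child === 'object') next.push(child);
      }
    }
    frontier = next;
  }
  return depth;
}

// Express-style middleware: reject over-nested bodies with 400.
function maxJsonDepth(limit = DEFAULT_MAX_DEPTH) {
  return function (req, res, next) {
    if (jsonDepth(req.body, limit) > limit) {
      res.status(400).json({ error: `JSON nested deeper than ${limit} levels` });
      return;
    }
    next();
  };
}

// Constructed test input: an object wrapped `levels` times around a leaf.
function nestedObject(levels) {
  let obj = { leaf: 'x' };
  for (let i = 0; i < levels; i += 1) obj = { child: obj };
  return obj;
}
// Drive the middleware with a minimal fake req/res (no Express required);
// returns the status it would send, 200 meaning the body passed through.
function runGuard(body, limit = DEFAULT_MAX_DEPTH) {
  let status = 200;
  const res = { status(code) { status = code; return this; }, json() {} };
  maxJsonDepth(limit)({ body }, res, () => {});
  return status;
}
```

The walk is breadth-first and cuts off at the limit, so its own cost stays bounded by the limit times the body size that express.json() already caps.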