diff --git a/package-lock.json b/package-lock.json index b34dff0010..773a04927c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -286,20 +286,20 @@ } }, "@wordpress/block-library": { - "version": "2.2.8", - "resolved": "https://registry.npmjs.org/@wordpress/block-library/-/block-library-2.2.8.tgz", - "integrity": "sha512-86DiBPFQwGDWf/s4OwmTp2q+VoeNhmW1OQXu/on+c5MHgJh7W2uFasO4bhmz31+U9KwAFHQr3pCcxaasdP17vQ==", + "version": "2.2.9", + "resolved": "https://registry.npmjs.org/@wordpress/block-library/-/block-library-2.2.9.tgz", + "integrity": "sha512-Do/3f1S6uPOywSSiCyeLW6//DEIy7cAyBIdtxcl1CssfpwCPiDbXq5OpyRf94FKV4J1C0qwJfF604IdcsCmsjw==", "requires": { "@babel/runtime": "^7.0.0", "@wordpress/autop": "^2.0.2", "@wordpress/blob": "^2.1.0", - "@wordpress/blocks": "^6.0.2", + "@wordpress/blocks": "^6.0.3", "@wordpress/components": "^7.0.3", "@wordpress/compose": "^3.0.0", "@wordpress/core-data": "^2.0.14", "@wordpress/data": "^4.0.1", "@wordpress/deprecated": "^2.0.3", - "@wordpress/editor": "^9.0.3", + "@wordpress/editor": "^9.0.4", "@wordpress/element": "^2.1.8", "@wordpress/html-entities": "^2.0.3", "@wordpress/i18n": "^3.1.0", 
@@ -322,28 +322,28 @@ } }, "@wordpress/block-serialization-default-parser": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@wordpress/block-serialization-default-parser/-/block-serialization-default-parser-2.0.0.tgz", - "integrity": "sha512-WPQuQ2IsUOG9wMTst8CYW8c5NMM3iatTW2FinfZrHtH9R1g9qdQPt5Wv56U7eMeDACVOj35jG2oJtZCRaDyL7A==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@wordpress/block-serialization-default-parser/-/block-serialization-default-parser-2.0.1.tgz", + "integrity": "sha512-Wd4yC9NgakDv39bPskA56GSGprZ5kXuhDff3hLR2HpOYS2TPHgT06UsfVfO1tJBOxrqcS/AHVj7FEFZqyyKPNg==", "requires": { "@babel/runtime": "^7.0.0" } }, "@wordpress/block-serialization-spec-parser": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@wordpress/block-serialization-spec-parser/-/block-serialization-spec-parser-2.0.0.tgz", - "integrity": "sha512-l5N0o2Tkc4IcDhhMfX2W3KuEV/4F7TeitJEDtBpLYf7eRMIn3Uh6l5rPDmmuTDv7UFlMWTiA8z/oCpl13ZyBOw==" + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@wordpress/block-serialization-spec-parser/-/block-serialization-spec-parser-2.0.1.tgz", + "integrity": "sha512-9bhi2/hThAH8MbFAalI3UMZiKmUih8Az5ZFRzZy9E+EO4BYW479DFU5l/jSelDh3fPhsPza9UZ0so3IrqqoCzg==" }, "@wordpress/blocks": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/@wordpress/blocks/-/blocks-6.0.2.tgz", - "integrity": "sha512-Y9cIbxXnATT6NPBbT969awm/5iLL/fRYoQ2a0xoqqHdcI8kxPbMv2TdAE8RaM8eeYL17t6CmWdfP+jkAIVGMGg==", + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/@wordpress/blocks/-/blocks-6.0.3.tgz", + "integrity": "sha512-jBk9xa87b9xgizVXBBnCYMDju0Q871JyeSCwJyUvd77flrym7BjfNIIWVnwOlLxUYc6BeHxZCAi+JzybHLlvFA==", "requires": { "@babel/runtime": "^7.0.0", "@wordpress/autop": "^2.0.2", "@wordpress/blob": "^2.1.0", - "@wordpress/block-serialization-default-parser": "^2.0.0", - "@wordpress/block-serialization-spec-parser": "^2.0.0", + "@wordpress/block-serialization-default-parser": "^2.0.1", + 
"@wordpress/block-serialization-spec-parser": "^2.0.1", "@wordpress/data": "^4.0.1", "@wordpress/dom": "^2.0.7", "@wordpress/element": "^2.1.8", @@ -483,22 +483,22 @@ } }, "@wordpress/edit-post": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/@wordpress/edit-post/-/edit-post-3.1.3.tgz", - "integrity": "sha512-bA9OIkzInCLvf2YB4b6H0Ubghmv+AjOrCpZcp/5sdWLAg7hE6ZzZZ5Pz/2o5bBd+mTkalALJFMxgy7DKvH3WgQ==", + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@wordpress/edit-post/-/edit-post-3.1.4.tgz", + "integrity": "sha512-xZZ1x+JfMLTgCZkkdaJeYdsdEVQ+MkbRtweSdqfm4p4zdyId8wTg/n/ccqAAhFnQjoTufEkkchzRmmnoHozrcg==", "requires": { "@babel/runtime": "^7.0.0", "@wordpress/a11y": "^2.0.2", "@wordpress/api-fetch": "^2.2.5", - "@wordpress/block-library": "^2.2.8", - "@wordpress/blocks": "^6.0.2", + "@wordpress/block-library": "^2.2.9", + "@wordpress/blocks": "^6.0.3", "@wordpress/components": "^7.0.3", "@wordpress/compose": "^3.0.0", "@wordpress/core-data": "^2.0.14", "@wordpress/data": "^4.0.1", - "@wordpress/editor": "^9.0.3", + "@wordpress/editor": "^9.0.4", "@wordpress/element": "^2.1.8", - "@wordpress/format-library": "^1.2.6", + "@wordpress/format-library": "^1.2.7", "@wordpress/hooks": "^2.0.3", "@wordpress/i18n": "^3.1.0", "@wordpress/keycodes": "^2.0.5", 
@@ -512,15 +512,15 @@ } }, "@wordpress/editor": { - "version": "9.0.3", - "resolved": "https://registry.npmjs.org/@wordpress/editor/-/editor-9.0.3.tgz", - "integrity": "sha512-Iz2B2JccsluiV0CdIkeH7sdl+3JcM7u9OqQSRC+0G2gfq8c09c98BE9myRUN16EVvL6zf025DzRU3hSx9r3AbQ==", + "version": "9.0.4", + "resolved": "https://registry.npmjs.org/@wordpress/editor/-/editor-9.0.4.tgz", + "integrity": "sha512-adLq0C0DZFz5R1TNzqRttmcEHXz9Nv4VIBxyqFQbubfMAzq6LKv44YxNw0t9Pg2cZQr4V5gbu214H/0C67PFTQ==", "requires": { "@babel/runtime": "^7.0.0", "@wordpress/a11y": "^2.0.2", "@wordpress/api-fetch": "^2.2.5", "@wordpress/blob": "^2.1.0", - "@wordpress/blocks": "^6.0.2", + "@wordpress/blocks": "^6.0.3", "@wordpress/components": "^7.0.3", "@wordpress/compose": "^3.0.0", "@wordpress/core-data": "^2.0.14", @@ -617,14 +617,14 @@ } }, "@wordpress/format-library": { - "version": "1.2.6", - "resolved": "https://registry.npmjs.org/@wordpress/format-library/-/format-library-1.2.6.tgz", - "integrity": "sha512-8GkrMRSZ287qotsYzJh0kzDRjDAYJLicwbSRSv4AR2+4dSW6ZX1CK2jt/ihxg5cbqxMitPPTqRA0PmUk+AtdDA==", + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/@wordpress/format-library/-/format-library-1.2.7.tgz", + "integrity": "sha512-lVsltV1vS9BW+rHxb0ue+/z5ghvytAixVKCkwMaEEnc4qYYo4nzfsXTNCqpgxyQkpgH34j96psPD/34+os0ALg==", "requires": { "@babel/runtime": "^7.0.0", "@wordpress/components": "^7.0.3", "@wordpress/dom": "^2.0.7", - "@wordpress/editor": "^9.0.3", + "@wordpress/editor": "^9.0.4", "@wordpress/element": "^2.1.8", "@wordpress/i18n": "^3.1.0", "@wordpress/keycodes": "^2.0.5", diff --git a/package.json b/package.json index ed27f9507a..544cbe513f 100644 --- a/package.json +++ b/package.json 
@@ -60,9 +60,9 @@ "@wordpress/api-fetch": "^2.2.5", "@wordpress/autop": "^2.0.2", "@wordpress/blob": "^2.1.0", - "@wordpress/block-library": "^2.2.8", - "@wordpress/block-serialization-default-parser": "^2.0.0", - "@wordpress/blocks": "^6.0.2", + "@wordpress/block-library": "^2.2.9", + "@wordpress/block-serialization-default-parser": "^2.0.1", + "@wordpress/blocks": "^6.0.3", "@wordpress/components": "^7.0.3", "@wordpress/compose": "^3.0.0", "@wordpress/core-data": "^2.0.14", @@ -71,11 +71,11 @@ "@wordpress/deprecated": "^2.0.3", "@wordpress/dom": "^2.0.7", "@wordpress/dom-ready": "^2.0.2", - "@wordpress/edit-post": "^3.1.3", - "@wordpress/editor": "^9.0.3", + "@wordpress/edit-post": "^3.1.4", + "@wordpress/editor": "^9.0.4", "@wordpress/element": "^2.1.8", "@wordpress/escape-html": "^1.0.1", - "@wordpress/format-library": "^1.2.6", + "@wordpress/format-library": "^1.2.7", "@wordpress/hooks": "^2.0.3", "@wordpress/html-entities": "^2.0.3", "@wordpress/i18n": "^3.1.0", diff --git a/src/wp-includes/class-wp-block-parser.php b/src/wp-includes/class-wp-block-parser.php index 22a8a57a9a..439a2ce32b 100644 --- a/src/wp-includes/class-wp-block-parser.php +++ b/src/wp-includes/class-wp-block-parser.php @@ -364,6 +364,7 @@ class WP_Block_Parser { * * @internal * @since 3.8.0 + * @since 4.6.1 fixed a bug in attribute parsing which caused catastrophic backtracking on invalid block comments * @return array */ function next_token() { @@ -378,13 +379,18 @@ class WP_Block_Parser { * match back in PHP to see which one it was. */ $has_match = preg_match( - '/).)*?}\s+)?(?\/)?-->/s', + '/).)*+)?}\s+)?(?\/)?-->/s', $this->document, $matches, PREG_OFFSET_CAPTURE, $this->offset ); + // if we get here we probably have catastrophic backtracking or out-of-memory in the PCRE + if ( false === $has_match ) { + return array( 'no-more-tokens', null, null, null, null ); + } + // we have no more tokens if ( 0 === $has_match ) { return array( 'no-more-tokens', null, null, null, null ); 
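Review bot: The added `false === $has_match` branch in `next_token()` returns the same `'no-more-tokens'` tuple as the ordinary no-match branch right after it, so a PCRE failure on crafted post content cannot be told apart from a clean end of document and leaves nothing for an operator to detect. The comment's "probably" suggests the cause is never inspected. Reading `preg_last_error()` in that branch and stating the choice would make the fail-soft behaviour explicit, e.g. `// preg_match() returned false: PCRE error such as PREG_BACKTRACK_LIMIT_ERROR (see preg_last_error()); treated as end of input`. What the caller does with the unparsed remainder is not visible, because `next_token()` continues past the end of this hunk, so it is worth confirming that content after the failing offset is still escaped or handled as plain HTML. A regression test feeding a long invalid block comment would pin the possessive-quantifier change, if one is not already added elsewhere.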
diff --git a/src/wp-includes/script-loader.php b/src/wp-includes/script-loader.php
index 2501c53f9d..629029d9d0 100644
--- a/src/wp-includes/script-loader.php
+++ b/src/wp-includes/script-loader.php
@@ -212,9 +212,9 @@ function wp_default_packages_scripts( &$scripts ) {
  'annotations' => '1.0.3',
  'autop' => '2.0.2',
  'blob' => '2.1.0',
- 'block-library' => '2.2.8',
- 'block-serialization-default-parser' => '2.0.0',
- 'blocks' => '6.0.2',
+ 'block-library' => '2.2.9',
+ 'block-serialization-default-parser' => '2.0.1',
+ 'blocks' => '6.0.3',
  'components' => '7.0.3',
  'compose' => '3.0.0',
  'core-data' => '2.0.14',
@@ -223,11 +223,11 @@ function wp_default_packages_scripts( &$scripts ) {
  'deprecated' => '2.0.3',
  'dom' => '2.0.7',
  'dom-ready' => '2.0.2',
- 'edit-post' => '3.1.3',
- 'editor' => '9.0.3',
+ 'edit-post' => '3.1.4',
+ 'editor' => '9.0.4',
  'element' => '2.1.8',
  'escape-html' => '1.0.1',
- 'format-library' => '1.2.6',
+ 'format-library' => '1.2.7',
  'hooks' => '2.0.3',
  'html-entities' => '2.0.3',
  'i18n' => '3.1.0',