Update request 2.72.x to 2.74.x to fix tough cookie vulnerability. #9
Resolves the vulnerability found in the old version of request. From the Snyk scan of an app that relies on stackexchange at https://snyk.io/test/npm/stack-exchange-markdown-retriever :
"ReDoS via long string of semicolons
Detailed paths and remediation
tough-cookie package versions 0.9.7 through 2.2.2 are vulnerable to a Regular expression Denial of Service (ReDoS): long strings of semicolons in the Set-Cookie header cause the event loop to block for excessive amounts of time.
"The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time." [1]"
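Because the fix here is pulling in a newer request so that a patched tough-cookie is installed, a useful check is to walk the lockfile and flag any tough-cookie copy still inside the affected range the advisory quotes (0.9.7 through 2.2.2). The following is an added example, not code from this PR, from request or from tough-cookie; the lockfile object is constructed for illustration and the version numbers in it are not taken from real request releases.

```javascript
// Compare two "x.y.z" version strings numerically; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Inclusive affected range as stated in the Snyk advisory quoted above.
const AFFECTED = { from: '0.9.7', to: '2.2.2' };

function isAffectedToughCookie(version) {
  return compareVersions(version, AFFECTED.from) >= 0 &&
         compareVersions(version, AFFECTED.to) <= 0;
}

// Recursively walk the nested "dependencies" objects of a lockfile-v1 style
// tree and return the install path of every affected tough-cookie copy.
// Nested copies matter: a fixed top-level tough-cookie does not help if an
// old request still bundles its own vulnerable one underneath it.
function findAffected(deps, path = []) {
  const hits = [];
  for (const [name, entry] of Object.entries(deps || {})) {
    const here = [...path, `${name}@${entry.version}`];
    if (name === 'tough-cookie' && isAffectedToughCookie(entry.version)) {
      hits.push(here.join(' > '));
    }
    hits.push(...findAffected(entry.dependencies, here));
  }
  return hits;
}

// Constructed sample lockfile (hypothetical versions): an old request
// carrying a nested tough-cookie in the affected range, beside a top-level
// tough-cookie that is already past it.
const sampleLock = {
  dependencies: {
    request: {
      version: '2.72.0',
      dependencies: { 'tough-cookie': { version: '2.2.2' } },
    },
    'tough-cookie': { version: '2.3.1' },
  },
};

console.log(findAffected(sampleLock.dependencies));
```

For a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json'))` and fail the build when the returned list is non-empty.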