Security fix for ReDoS #3980
Conversation
@ready-research thanks for the fix :)
@jasonsaayman Thank you for the quick response. Can you please confirm the same in https://www.huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/
@zidingz Can you please provide access to @jasonsaayman and guide him to validate and confirm the fix.
Could a release be published with this fix now that it has been merged?
Same as ImRodry, could a release be published?
Hi, I cannot release the project, I have asked everyone with access the moment that I released this. If there was a way for me to release it I would do so. I have also asked for access to be allowed to process releases.
Alright thank you! Hope that gets sorted quickly since I believe this is quite an important one
I've got a question. Is it a normal way of dealing with a security issue, when a person opens up 10 discussions on several websites and shares it publicly? By the way, the potential problem was addressed a year ago in an earlier pull request. See my mention, or by clicking this #3446
Normally it is handled privately but in this case it seems to have not been. As for the earlier pull request, I have pretty much been trying to get through stuff on the repo but have also had some other stuff on my plate so was gone for a couple months. I will continue merging stuff and looking into issues more frequently now that I have more time.
Thanks for the answer! Wish you the best
Fixes #3979
Security fix for ReDoS vulnerability.
https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String/Trim
Reported in https://www.huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/
Before fix: time_cost: 2968
After fix: time_cost: 6