Merge pull request #629 from jorgectf/fix-regex-injection
P-T-I committed Mar 23, 2021
2 parents e31d913 + c7ce297 commit c621f9f
Showing 1 changed file with 1 addition and 1 deletion.
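--- a/lib/DatabaseLayer.py
+++ b/lib/DatabaseLayer.py
@@ -238,7 +238,7 @@ def cvesForCPE(cpe, lax=False, vulnProdSearch=False, limit=0, strict_vendor_prod
 if cpe_regex not in vc:
 continue
 
-re_from_start = re.compile("^.*{}:".format(cpe_regex))
+re_from_start = re.compile("^.*{}:".format(re.escape(cpe_regex)))
 cpe_version = re_from_start.sub("", vc)
 
 # TODO: handle versions such as "1.1.3:p2"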
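Review bot: The escaped pattern is still rebuilt and compiled on every pass through the surrounding loop, and now that `cpe_regex` is matched literally the regex is not needed: `cpe_version = vc.rpartition(cpe_regex + ":")[2]` yields the same result for single-line values and keeps the value out of the regex engine entirely. Separately, the guard `if cpe_regex not in vc` does not require the trailing `:`, so when the value occurs without it the substitution is a no-op and `cpe_version` holds the whole `vc` string; if that case is not intended, test `cpe_regex + ":"` in the guard instead. The name `cpe_regex` suggests the same value may be used as a pattern elsewhere in `cvesForCPE`, whose body lies outside this hunk, so it is worth confirming that those uses are escaped as well.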
