Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regular Expression Denial of Service #857

Closed
PeterDaveHello opened this issue Nov 9, 2015 · 3 comments
Closed

Regular Expression Denial of Service #857

PeterDaveHello opened this issue Nov 9, 2015 · 3 comments

Comments

@PeterDaveHello
Copy link
Contributor

Regular Expression Denial of Service

October 24th, 2015
CVE-PENDING • Credit: Adam Baldwin
Vulnerable: All
Patched: None
https://nodesecurity.io/advisories/uglify-js_regular-expression-denial-of-service

Hope it'll be fixed soon 👍
@rvanvelzen
Copy link
Collaborator

For now do not minify untrusted scripts / input on the fly on a production server.

You should not be doing that anyway. Will look into this.

@avdg
Copy link
Contributor

avdg commented Nov 9, 2015

Probably recommended to bump release as well

@PeterDaveHello
Copy link
Contributor Author

👍

mishoo added a commit that referenced this issue Nov 9, 2015
@mishoo
Fix parsing invalid input
18d37ac 
i.e. `x = 1.xe` — because parseFloat("1.xe") returns 1, this parsed as
`x = 1`.

Ref #857
@kzc kzc mentioned this issue Dec 2, 2016
Closed
@CMaheshBL CMaheshBL mentioned this issue May 6, 2022
Open
@RobertMickleCx RobertMickleCx mentioned this issue Mar 7, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rvanvelzen @avdg @PeterDaveHello