You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Apr 22, 2023. It is now read-only.
Hello,
I want to propose patching v8 to fix an important DoS issue. Yes, I know, it's nodejs policy to not alter v8 code, but this might be one case in which, in my opinion, an exception should be made. This issue allows an attacker to block your eventloop for quite a long time if you do require('querystring').parse(str) on a few megabytes of data or so (e.g. coming from an HTTP POST request).
Hello,
I want to propose patching v8 to fix an important DoS issue. Yes, I know, it's nodejs policy to not alter v8 code, but this might be one case in which, in my opinion, an exception should be made. This issue allows an attacker to block your eventloop for quite a long time if you do
require('querystring').parse(str)on a few megabytes of data or so (e.g. coming from an HTTP POST request).Talk video: http://www.youtube.com/watch?v=R2Cq3CLI6H8
What needs to be done: Randomize the hash function (e.g. change the start value on startup to something random or so).