Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed ReDoS in "loadAnnotation" function of "previous-map.js" #49

merged 1 commit into from Aug 10, 2022


Copy link

  • Replaced (.*) with ((?:(?!sourceMappingURL=).)*) in regex used in loadAnnotation function of src/previous-map.js to fix ReDoS.

Closes #45
Closes #48

Copy link

dzadza commented Jul 28, 2022

Please merge 🙏

Copy link

Perhaps @xzyfer can merge it? :)

Copy link

Hello! When plan to merge ? Need for security update.

Copy link

Hello! When you guys are going to merge it???????????????
@sushantmittal @dzadza @danny-endeavour @Grizzlijs @migonium

Copy link
Contributor Author

@Marcel-MSC : I don't have permission to merge it.
@xzyfer can merge it.

Copy link

@xzyfer , is it merged ? Thanks

Copy link

azeemh commented Aug 3, 2022

please merge so every other programmer in the world can securely use node js in their projects again.

@xzyfer xzyfer merged commit a53b6f2 into sasstools:master Aug 10, 2022
Copy link

xzyfer commented Aug 10, 2022

Thanks @sushantmittal

Copy link

Many thanks to both @xzyfer and @sushantmittal for their hard work!

Copy link

Thanks @xzyfer and @sushantmittal

Copy link

G-Rath commented Aug 12, 2022

I've opened github/advisory-database#589 updating the advisory to reflect the new release :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

Successfully merging this pull request may close these issues.

CVE-2022-25758 Vulnerability CVE-2021-23382 Might apply?