Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

security: Fix REDOS vulnerability #18

Merged
merged 1 commit into from
Mar 20, 2018
Merged

Commits on Mar 19, 2018

  1. security: Fix REDOS vulnerability

    Problem:
    As disclosed by email, the regex in this module was vulnerable to
    catastrophic backtracking.
    This could be used as a REDOS vector for Node.js servers that use
    this module.
    
    Solution:
    Use a two-step validation process.
    Split the vulnerable regex into three safe ones.
    davisjam committed Mar 19, 2018
    1 Configuration menu
    Copy the full SHA
    1495509 View commit details
    Browse the repository at this point in the history