Fix Regular Expression Denial of Service (ReDoS) #458
Merged
Would love to see this landed :-) I am a way upstream consumer and this is the one open vulnerability I've got at the moment.
We also see this issue in our projects. We depend on debug via a bunch of other packages. It will take some time until all of them are updated.

```js
var ms = curr - (prevTime || curr);
self.diff = ms;
```

https://github.com/visionmedia/debug/blob/master/src/debug.js#L73

```js
exports.humanize = require('ms');
```

https://github.com/visionmedia/debug/blob/master/src/debug.js#L14

```js
args.push('\u001b[3' + c + 'm+' + exports.humanize(this.diff) + '\u001b[0m');
```

https://github.com/visionmedia/debug/blob/master/src/node.js#L115
https://snyk.io/vuln/npm:ms:20170412