Core: fixed Regular Expression Denial of Service vulnerability #2371
ReDoS, or Regular Expression Denial of Service, is a vulnerability affecting poorly constructed and potentially inefficient regular expressions which can make them perform extremely badly given a creatively constructed input string.
GHSL-2020-294
credits to @erik-krogh for reporting the issue and providing a fix
@pwntester I don't know what went wrong, but I opened the PR with the fix now manually, as the security advisory no longer allows me to access the private fork, so I could open a PR
staabm commented Jan 9, 2021 • edited
@erik-krogh sorry for not giving proper credit via git commit authorship. I somehow fucked up the patching of the vulnerability. The process using the gh security audit was not clear to me.
ReDoS, or Regular Expression Denial of Service, is a vulnerability affecting
poorly constructed and potentially inefficient regular expressions which can
make them perform extremely badly given a creatively constructed input string.
GHSL-2020-294
credits to @erik-krogh for reporting the issue and providing a fix
for details see GHSA-jxwx-85vp-gvwm