Skip to content
This repository has been archived by the owner on Sep 15, 2022. It is now read-only.

Regular Expression Denial of Service (ReDoS) #62

Open
larrycameron80 opened this issue Sep 16, 2019 · 0 comments
Open

Regular Expression Denial of Service (ReDoS) #62

larrycameron80 opened this issue Sep 16, 2019 · 0 comments

Comments

@larrycameron80
Copy link

Regular Expression Denial of Service (ReDoS)
Vulnerable module: lodash
Introduced through: [email protected]
Detailed paths
Introduced through: @polymathnetwork/abi-wrappers@PolymathNetwork/polymath-abi-wrappers#016f858f82ee983814ce487a8de0a67b68652196 › [email protected][email protected][email protected]
Overview
lodash is a modern JavaScript utility library delivering modularity, performance, & extras.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). It parses dates using regex strings, which may cause a slowdown of 2 seconds per 50k characters.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@larrycameron80