-
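I heard there is a thing called REDOS, and that regex constructs of the form `/c*$/` can lead to REDOS, which scared me into quickly writing a method as a replacement: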
```js
// trimEnd by token without regular expression
// /c*$/ is vulnerable to REDOS. ??
function _trimEnd(text, token) {
while (…
```
xovel updated
5 years ago
-
didn't notice these, but it happens when you do things like use regular expressions for search.
-
The package `semver` version 5.4.1 has a security issue and allows attackers to do a **ReDoS**.
Can you please update that package to the latest version?
https://github.com/serverless/serverless-…
-
html-minifier *
Severity: high
kangax html-minifier REDoS vulnerability - https://github.com/advisories/GHSA-pfq8-rq6v-vf5m
No fix available
node_modules/html-minifier
minify-html-lite…
-
**Client_Potential_ReDoS_In_Replace** issue exists @ **public/assets/showdown.min.js** in branch **master**
*The application uses a dangerous regex pattern "/((^ {0,3}>[ \t]?.+\n(.+\n)*\n*)…
-
This is a super-task which is broken into:
- [ ] Implement configurable regexp parser in OCaml (#3736)
- [ ] Implement redos vulnerability detection on a regexp AST (#3737)
- [ ] Design and impleme…
-
**Introduced through**
@iconscout/unicons@4.0.8
**Fixed in**
nth-check@2.0.1
https://security.snyk.io/vuln/SNYK-JS-NTHCHECK-1586032
**Detailed paths**
Introduced through: sastrify-webapp@2.4…
-
The `request` lib was relying on a module called `node-uuid`. For some reason the author decided it was necessary to deprecate this module and continue with a module called `uuid`. Using `node-uuid` n…
-
Dependabot link - https://github.com/bcgov/foi-flow/security/dependabot?q=is%3Aopen+manifest%3Aforms-flow-web%2Fpackage-lock.json
Upgrade to latest version of Nodejs before addressing these
- [x] -…