-
See Regular Expression Denial of Service (ReDoS) in micromatch #23 for additional details.
-
See Regular Expression Denial of Service (ReDoS) in micromatch #43 for additional details.
-
The redoChain doesn't seem to be saved anywhere. I'm intending to handle this in #10 using cPickle.
-
ReDoS vulnerabilities are a serious problem and people using regex prefixes could fall victim to this.
I want to protect people against this by checking for ReDoS vulnerabilities in the background us…
-
More info here:
https://www.mend.io/vulnerability-database/CVE-2020-26302
-
Why are we using a limited set of characters like {1,10} or {1,20} when using a `+` would take care of any length payload? E.g., https://github.com/coreruleset/coreruleset/blob/914f7a5e75401061c39be7…
-
See Regular Expression Denial of Service (ReDoS) in micromatch #31 for additional details.
-
## Description
Snyk package reports a vulnerability with the [remove-markdown](https://github.com/stiang/remove-markdown) dependency.
See [this issue](https://github.com/stiang/remove-markdown/issues/4…
-
The affected code is located in [matching.coffee-line321](https://github.com/dropbox/zxcvbn/blob/67c4ece9efc40c9d0a1d7d995b2b22a91be500c2/src/matching.coffee#L321). It uses the vulnerable regular expr…
-
This is a most useful project, especially given it can be easily incorporated into any CI workflow. So, please keep up the good work!
Until recently, our experience is its results are broadly in li…