-
### Issue
Vulnerability *Regular Expression Denial of Service (ReDoS)* found in package micromatch v4.0.7
The NPM package `micromatch` prior to version 4.0.8 is vulnerable to Regular Expression De…
-
Regex patterns in filters are passed straight to the regexp constructor without any sort of filtering for malicious patterns. For trusted expressions (those on the /r/anime server) this is fine, but n…
-
According to the [Ajv documentation](https://github.com/ajv-validator/ajv/blob/bd8d86579386cb58854e9db74a5dc7b2d1894806/docs/security.md#redos-attack):
> some formats that ajv-formats package imple…
-
![image](https://github.com/postcss/postcss-color-function/assets/10995629/6338aaa9-af2e-4af1-8342-a52a480f15c8)
-
Hey there,
It appears that the current version of react-simple-maps relies on a vulnerable version of another package, d3-color. My team and I are getting the following Dependabot Alert:
> ### D…
-
### Check List
- [X] I have already read README.
- [X] I have already searched existing issues.
- [X] I have already searched existing pull requests.
### Feature Request
I noticed that the `hexo-h…
-
https://github.com/GSA/smartpay-training/security/dependabot/23
-
https://github.com/GSA/889-tool/security/dependabot/19
-
We'll need to implement ReDoS and regex injection queries following up on https://github.com/Semmle/ql/pull/2743
-
This issue has been generated on behalf of snoopysecurity (https://huntr.dev/app/users/snoopysecurity)
## Vulnerability Description
It is possible to insert an evil regex as part of benchmark options…