Open thomscoder opened 2 weeks ago
Describe the bug The page freezes on the url validation using the string().url(). The default regex in https://github.com/jquense/yup/blob/5a22c16dbba610050e85f123d389ddacaa92a0ad/src/string.ts#L26 is vulnerable to potential ReDOS attacks
string().url()
To Reproduce '//T.' + '0.'.repeat(30) + '\x00' https://stackblitz.com/edit/vitejs-vite-alk1jn?file=src%2FApp.tsx&terminal=dev
Expected behavior The app should not freeze
Platform (please complete the following information):
Describe the bug The page freezes on the url validation using the
string().url()
. The default regex in https://github.com/jquense/yup/blob/5a22c16dbba610050e85f123d389ddacaa92a0ad/src/string.ts#L26 is vulnerable to potential ReDOS attacksTo Reproduce '//T.' + '0.'.repeat(30) + '\x00' https://stackblitz.com/edit/vitejs-vite-alk1jn?file=src%2FApp.tsx&terminal=dev
Expected behavior The app should not freeze
Platform (please complete the following information):