matthewmueller / x-ray

The next web scraper. See through the <html> noise.
MIT License
5.87k stars 349 forks

Fix debug dependency vulnerability #321

Closed felipemfp closed 5 years ago

felipemfp commented 5 years ago

Description

CVE-2017-16137

Vulnerable versions: < 2.6.9
Patched version: 2.6.9

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds, making this a low severity issue.


Possibly related: #316
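
A defender-side check for the version range quoted above, as an added example that is not part of the pull request or the x-ray code base: it walks an npm lockfile and reports every installed copy of debug below 2.6.9. The sample lockfile and its package names are constructed, and the function names are hypothetical.

```javascript
// Patched version as stated in the pull request description.
const PATCHED = [2, 6, 9];

// Constructed sample in lockfileVersion 1 layout (nested "dependencies").
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    "scraper-lib": { version: "1.0.0", dependencies: { debug: { version: "2.2.0" } } },
    debug: { version: "2.6.9" },
    "web-framework": { version: "3.1.0", dependencies: { debug: { version: "2.6.8" } } },
  },
};

// True when version string v is strictly lower than the [major, minor, patch] floor.
function isBelow(v, floor) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) return false; // git/URL specifiers are not comparable; review by hand
  const parts = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== floor[i]) return parts[i] < floor[i];
  }
  return false;
}

// Returns [{ path, version }] for each installed debug copy below PATCHED.
function findVulnerableDebug(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by node_modules path.
    for (const [key, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/debug$/.test(key) && isBelow(info.version, PATCHED)) {
        hits.push({ path: key, version: info.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested copies live under each package's "dependencies".
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = [...trail, name];
      if (name === "debug" && isBelow(info.version, PATCHED)) {
        hits.push({ path: path.join(" > "), version: info.version });
      }
      walk(info.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

console.log(findVulnerableDebug(SAMPLE_LOCK));
```

Nested copies matter here: a top-level debug at 2.6.9 does not replace an older copy that a transitive dependency has pinned under its own node_modules.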