stevemao / html-comment-regex

Regular expression for matching HTML comments
MIT License

Trying to get in touch regarding a security issue #4

Open zidingz opened 3 years ago

zidingz commented 3 years ago

Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

yetingli commented 3 years ago

Hey Steve, recently I found a potential ReDoS vulnerability inside html-comment-regex. I made a patch for it and hope you are happy to receive this fix. You can access the vulnerability details at huntr. Please feel free to get in touch if there are any more issues.

stevemao commented 2 months ago

Please either send me an email, or send a PR to fix it directly.

@zidingz @huntr-helper @yetingli