Closed zkat closed 6 years ago
The previous form was vulnerable to ReDoS attacks, by crafting exceptionally long base64 hash strings.
This issue only affected consumers using the opts.strict option.
Huh, cool, GitHub just alerted me to this issue in one of my projects; turns out there's even a CVE for it: https://nvd.nist.gov/vuln/detail/CVE-2018-7651
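Added example, not part of the original thread and not ssri's own code: one way to validate a single strict-mode integrity entry without a backtracking regex, by capping the input length and checking the base64 digest against the fixed length its algorithm implies. The function names, the 256-character cap and the restriction to sha256/sha384/sha512 are assumptions made for illustration.

```javascript
// Added example (hypothetical names; not ssri's implementation).
// Digest shape per algorithm: [base64 length, number of '=' padding chars].
const DIGEST_SHAPE = new Map([
  ['sha256', [44, 1]], // 32-byte digest
  ['sha384', [64, 0]], // 48-byte digest
  ['sha512', [88, 2]], // 64-byte digest
]);
const MAX_ENTRY_LENGTH = 256; // assumed cap for one "alg-digest?opts" entry

function isBase64Code(c) {
  return (c >= 0x41 && c <= 0x5a) || (c >= 0x61 && c <= 0x7a) ||
         (c >= 0x30 && c <= 0x39) || c === 0x2b || c === 0x2f;
}

// Returns { algorithm, digest, options } or null. Every step is a single
// left-to-right pass, so the work is bounded by MAX_ENTRY_LENGTH.
function parseStrictSri(entry) {
  if (typeof entry !== 'string' || entry.length > MAX_ENTRY_LENGTH) return null;
  const dash = entry.indexOf('-');
  if (dash < 1) return null;
  const algorithm = entry.slice(0, dash);
  const shape = DIGEST_SHAPE.get(algorithm);
  if (!shape) return null;
  const [length, padding] = shape;
  const query = entry.indexOf('?', dash + 1);
  const digest = entry.slice(dash + 1, query === -1 ? entry.length : query);
  if (digest.length !== length) return null;
  for (let i = 0; i < length; i++) {
    const c = digest.charCodeAt(i);
    const ok = i < length - padding ? isBase64Code(c) : c === 0x3d;
    if (!ok) return null;
  }
  const rest = query === -1 ? '' : entry.slice(query + 1);
  for (let i = 0; i < rest.length; i++) {
    const c = rest.charCodeAt(i);
    if (c < 0x21 || c > 0x7e) return null; // options must be visible ASCII
  }
  return { algorithm, digest, options: rest ? rest.split('?') : [] };
}
```

Because the length check runs before any character inspection, an oversized entry is rejected in constant time regardless of its content.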