Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regular Expression Denial of Service (ReDoS) - CVE-2023-26115 #32

Closed
tiagojufr opened this issue Mar 24, 2023 · 6 comments · Fixed by #33 or #41
Closed

Regular Expression Denial of Service (ReDoS) - CVE-2023-26115 #32

tiagojufr opened this issue Mar 24, 2023 · 6 comments · Fixed by #33 or #41

Comments

@tiagojufr
Copy link

tiagojufr commented Mar 24, 2023
edited
Loading

Hello,

Today DependencyTrack found this vulnerability in my project.

The issue seems to come from this line.

I know this project hasn't been updated for some years, so should we expect a fix? This is a transitive dependency of eslint, so I believe this issue will get a lot of attention.

Thanks!
@aashutoshrathi
Copy link
Contributor

What can be possible solution to not use regex?
As I understand all it has do with is the performance of regex, if there are any active maintainers, I can tak a stab on this one

@aashutoshrathi
Copy link
Contributor

Please check this: #33

@aashutoshrathi aashutoshrathi mentioned this issue Apr 2, 2023
Merged
Closed
@SharpFu
Copy link

SharpFu commented Apr 25, 2023
edited
Loading

I also need you fix the issue for my project if you have free time. @jonschlinkert @hildjj
@toddself @zachhale
for eslint, there will throw a error:
image

@aashutoshrathi
Copy link
Contributor

You can use this @SharpFu

@SharpFu
Copy link

SharpFu commented Apr 25, 2023

@aashutoshrathi how to check it is ok or not. I have re-install ,but not found your package in node_modules

@andreidiaconescu andreidiaconescu mentioned this issue Apr 25, 2023
Closed
@aashutoshrathi
Copy link
Contributor

@SharpFu you'll find the same folder word-wrap in node_modules.
But when you'll check the contents, it'll be from the forked package.
image

@emrysal emrysal mentioned this issue May 14, 2023
Closed
This was referenced Jun 22, 2023
Closed
Closed
Closed
@wellwelwel wellwelwel mentioned this issue Jun 28, 2023
Closed
@sjinks sjinks mentioned this issue Jun 29, 2023
Merged
@westonphillips westonphillips mentioned this issue Jun 27, 2023
Closed
@OlafConijn OlafConijn mentioned this issue Jul 13, 2023
Merged
@doowb doowb closed this as completed in #41 Jul 18, 2023
@doowb doowb mentioned this issue Jul 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@SharpFu @aashutoshrathi @tiagojufr