
Regular Expression Denial of Service (ReDoS) - CVE-2023-26115 #32

Closed
tiagojufr opened this issue Mar 24, 2023 · 6 comments · Fixed by #33 or #41

tiagojufr commented Mar 24, 2023

Hello,

Today DependencyTrack found this vulnerability in my project.

The issue seems to come from this line.

I know this project hasn't been updated for some years, so should we expect a fix? This is a transitive dependency of eslint, so I believe this issue will get a lot of attention.

Thanks!

@aashutoshrathi
Contributor

What can be a possible solution to not use regex?
As I understand it, all it has to do with is the performance of the regex. If there are any active maintainers, I can take a stab at this one.

@aashutoshrathi
Contributor

Please check this: #33

SharpFu commented Apr 25, 2023

I also need you to fix the issue for my project if you have free time. @jonschlinkert @hildjj @toddself @zachhale
For eslint, it will throw an error:

@aashutoshrathi
Contributor

You can use this @SharpFu

SharpFu commented Apr 25, 2023

@aashutoshrathi how do I check whether it is OK or not? I have re-installed, but have not found your package in node_modules.

@aashutoshrathi
Contributor

@SharpFu you'll find the same folder, word-wrap, in node_modules.
But when you check the contents, it'll be from the forked package.
