Headline

GHSA-vqc4-v8hc-h2jg: Polynomial regular expression used on uncontrolled data in nitrado.js

Impact

Possible ReDoS with lib input of {{ and with many repetitions of {{|.

Patches

Patched in all versions above 0.2.5

Workarounds

No known work arounds.

References

OWASP: Regular expression Denial of Service - ReDoS
Wikipedia: ReDoS.
Wikipedia: Time complexity.
James Kirrage, Asiri Rathnayake, Hayo Thielecke: Static Analysis for Regular Expression Denial-of-Service Attack.
Common Weakness Enumeration: CWE-1333.
Common Weakness Enumeration: CWE-400.

2 years ago

ghsa

Open in Source

#dos #js #git #php #pdf

Polynomial regular expression used on uncontrolled data in nitrado.js

High severity GitHub Reviewed Published Aug 31, 2022 in cainthebest/nitrado.js • Updated Aug 31, 2022

nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds.

2 years ago

CVE

Open in Source

#vulnerability #ios #nodejs #js #git #oauth #auth

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

2 days ago

ghsa

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

2 days ago

ghsa

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

2 days ago

ghsa

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

2 days ago

ghsa

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

2 days ago

ghsa

Headline

GHSA-vqc4-v8hc-h2jg: Polynomial regular expression used on uncontrolled data in nitrado.js

Impact

Patches

Workarounds

References

Related news

ghsa: Latest News