-
Notifications
You must be signed in to change notification settings - Fork 908
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
INEFFICIENT REGULAR EXPRESSION COMPLEXITY IN DEBUG #939
Comments
This was referenced Aug 4, 2023
If you've seen the other issues you know why this isn't something I'm addressing. Opening new tickets is not going to help. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Since #921 and #924 have been closed I am raising the following issue as it should be fixed!
...
Since December 2020 Checkmark has raised the following issue (which is getting flagged for me in WebStorm IDE):
https://devhub.checkmarx.com/cve-details/Cx8bc4df28-fcf5/
INEFFICIENT REGULAR EXPRESSION COMPLEXITY IN DEBUG
In NPM
debug
, theenable
function accepts a regular expression from user input without escaping it. Arbitrary regular expressions could be injected to cause a Denial of Service attack on the user's browser, otherwise known as a ReDoS (Regular Expression Denial of Service). This is a different issue than CVE-2017-16137.CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
The text was updated successfully, but these errors were encountered: