Описание
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-hosted-git-info | fixed | 3.0.8-1 | package | |
| node-hosted-git-info | fixed | 2.7.1-1+deb10u1 | buster | package |
| node-hosted-git-info | not-affected | stretch | package |
Примечания
Fixed by: https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
Связанные уязвимости
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Regular Expression Denial of Service in hosted-git-info
Уязвимость функции fromUrl программного обеспечения hosted-git-info, связанная с неправильным регулярным выражением, позволяющая нарушителю вызвать отказ в обслуживании