2 matches found
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode
A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service ReDoS. This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...
Regular Expression Denial Of Service (ReDoS)
diff is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability exists due to the usage of improper regular expression that would cause a ReDoS attack when parsing malicious strings...