Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Regular Expression Denial of Service (ReDoS) #458

Merged
merged 1 commit into from
May 17, 2017
Merged

Fix Regular Expression Denial of Service (ReDoS) #458

merged 1 commit into from
May 17, 2017

Conversation

hubdotcom
Copy link
Contributor

@coveralls
Copy link

coveralls commented May 16, 2017
edited
Loading

Coverage Status

Coverage remained the same at 63.804% when pulling d49a69f on hubdotcom:patch-1 into 4a6c85c on visionmedia:master.

@designfrontier
Copy link

would love to see this landed :-) I am a way upstream consumer and this is the one open vulnerability I've got at the moment.

@TooTallNate TooTallNate merged commit 15850cb into debug-js:master May 17, 2017
@thebigredgeek
Copy link
Contributor

live on https://github.com/visionmedia/debug/releases/tag/2.6.7
@dougwilson

@hubdotcom hubdotcom deleted the patch-1 branch May 17, 2017 09:49
@dotchev
Copy link

dotchev commented May 31, 2017

We also see this issue in our projects. We depend on debug via a bunch of other packages. It will take some time until all of them are updated.
But I wonder if this issue affects debug at al.
Looking quickly in the code, it seems ms is called only with a number, not with a string. So this ReDoS issue should not be relevant, right?

    var ms = curr - (prevTime || curr);
    self.diff = ms;

https://github.com/visionmedia/debug/blob/master/src/debug.js#L73

exports.humanize = require('ms');

https://github.com/visionmedia/debug/blob/master/src/debug.js#L14

    args.push('\u001b[3' + c + 'm+' + exports.humanize(this.diff) + '\u001b[0m');

https://github.com/visionmedia/debug/blob/master/src/node.js#L115

This was referenced Mar 11, 2021
Merged
Closed
Merged
Open
Merged
Merged
@ryan-ally ryan-ally mentioned this pull request Mar 15, 2021
Merged
This was referenced Mar 16, 2021
Closed
Closed
@snyk-bot snyk-bot mentioned this pull request May 31, 2021
Open
@snyk-bot snyk-bot mentioned this pull request Sep 16, 2021
Open
@fredfrazao fredfrazao mentioned this pull request May 24, 2024
Open
@dmrazzy dmrazzy mentioned this pull request May 28, 2024
Open
@YoutacRandS-VA YoutacRandS-VA mentioned this pull request Jun 19, 2024
Open
@apiiro-snyk apiiro-snyk mentioned this pull request Jun 21, 2024
Open
@EitanGayor EitanGayor mentioned this pull request Jun 22, 2024
Open
@baardl baardl mentioned this pull request Jun 22, 2024
Closed
@christophergoodwi christophergoodwi mentioned this pull request Jun 22, 2024
Closed
@EitanGayor EitanGayor mentioned this pull request Jun 22, 2024
Open
@Vin757 Vin757 mentioned this pull request Jun 23, 2024
Merged
@javascript-benchmark javascript-benchmark mentioned this pull request Jun 27, 2024
Open
@WontonSam WontonSam mentioned this pull request Jul 16, 2024
Open
@gmsoft-tuxicoman gmsoft-tuxicoman mentioned this pull request Jul 16, 2024
Open
@mhill-os mhill-os mentioned this pull request Jul 25, 2024
Open
@Howyi888 Howyi888 mentioned this pull request Aug 17, 2024
Open
@WontonSam WontonSam mentioned this pull request Aug 17, 2024
Open
@christophergoodwi christophergoodwi mentioned this pull request Aug 18, 2024
Closed
This was referenced Aug 18, 2024
Open
Open
@snyk-io snyk-io bot mentioned this pull request Aug 29, 2024
Open
@dcarroll dcarroll mentioned this pull request Sep 9, 2024
Open
@EitanGayor EitanGayor mentioned this pull request Sep 9, 2024
Open
@BlackPeter13 BlackPeter13 mentioned this pull request Sep 10, 2024
Open
@rodcko rodcko mentioned this pull request Sep 10, 2024
Open
@snyk-io snyk-io bot mentioned this pull request Sep 13, 2024
Open
@snyk-io snyk-io bot mentioned this pull request Sep 22, 2024
Open
@EitanGayor EitanGayor mentioned this pull request Sep 23, 2024
Open
@oranheim oranheim mentioned this pull request Sep 26, 2024
Open
@EitanGayor EitanGayor mentioned this pull request Sep 27, 2024
Open
@raja-majumder raja-majumder mentioned this pull request Sep 27, 2024
Closed
@EitanGayor EitanGayor mentioned this pull request Sep 28, 2024
Open
@WontonSam WontonSam mentioned this pull request Sep 28, 2024
Open
@EitanGayor EitanGayor mentioned this pull request Sep 28, 2024
Open
@EitanGayor EitanGayor mentioned this pull request Nov 11, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@hubdotcom @coveralls @designfrontier @thebigredgeek @dotchev @TooTallNate