We found that your repository scrubadub may contain a security vulnerability in the form of a regular expression that could result in a Denial of Service attack: Regular Expression Denial of Service (ReDoS). (If you’re curious, you can read more about this kind of problem from Cloudflare’s postmortem about a ReDoS-based outage they experienced.)
These are the regexes that we found might be vulnerable in 'scrubadub/detectors/drivers_licence.py', 'scrubadub/detectors/en_GB/tax_reference_number.py':
Regex: '''([a-zA-Z9]{5}\s?)((?:\s*\d\s*){6}[a-zA-Z9]{2}\w{3})\s?(\d{2})''' on Line 20 in drivers_licence.py and
'''\d{2}\s?[a-zA-Z]{1}(?:\s*\d\s*){5}''' on Line 19 in tax_reference_number.py
Thanks to Zainab and Adnan for reporting this.
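A regression check for the two reported patterns, added here as an example and not taken from scrubadub or from the report. In both, `(?:\s*\d\s*){n}` lets a run of whitespace between two digits be claimed by either the trailing `\s*` of one repetition or the leading `\s*` of the next, which is the source of the backtracking. The "hardened" patterns hoist the leading `\s*` out of the group; that rewrite, the sample strings, and the padding size are assumptions constructed for this example.

```python
import re
import time

# (original pattern from the report, hardened rewrite added for this example)
PAIRS = {
    "drivers_licence": (
        r"([a-zA-Z9]{5}\s?)((?:\s*\d\s*){6}[a-zA-Z9]{2}\w{3})\s?(\d{2})",
        r"([a-zA-Z9]{5}\s?)(\s*(?:\d\s*){6}[a-zA-Z9]{2}\w{3})\s?(\d{2})",
    ),
    "tax_reference_number": (
        r"\d{2}\s?[a-zA-Z]{1}(?:\s*\d\s*){5}",
        r"\d{2}\s?[a-zA-Z]{1}\s*(?:\d\s*){5}",
    ),
}

# Constructed sample inputs: matching, spaced-out, embedded, and non-matching.
SAMPLES = [
    "MORGA657054SM9IJ35",
    "MORGA 657054 SM9IJ 35",
    "MORGA  6 5 7 0 5 4SM9IJ35",
    "11A12345",
    "ref 11 A 1 2 3 4 5 ok",
    "no identifiers here",
]


def result(pattern, text):
    """Span and captured groups of the first match, or None."""
    m = re.search(pattern, text)
    return None if m is None else (m.span(), m.groups())


def same_matches():
    """True if every hardened pattern matches exactly like its original."""
    return all(result(o, s) == result(h, s)
               for o, h in PAIRS.values() for s in SAMPLES)


def timings(pad=16):
    """Time both tax-reference patterns on a padded near-miss (4 of 5 digits)."""
    text = "12A" + ("1" + " " * pad) * 4  # constructed; must not match
    out = {}
    for label, pattern in zip(("original", "hardened"), PAIRS["tax_reference_number"]):
        compiled = re.compile(pattern)
        start = time.perf_counter()
        assert compiled.search(text) is None
        out[label] = time.perf_counter() - start
    return out


if __name__ == "__main__":
    print("same matches:", same_matches())
    print(timings())
```

The `\s?` immediately before group 2 of the driver's licence pattern still overlaps with the hoisted `\s*`, but that costs at most one extra attempt per start position and is left alone so the captured groups stay identical.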