-
Notifications
You must be signed in to change notification settings - Fork 943
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Regular Expression Denial of Service (ReDoS) #458
Conversation
would love to see this landed :-) I am a way upstream consumer and this is the one open vulnerability I've got at the moment. |
We also see this issue in our projects. We depend on debug via a bunch of other packages. It will take some time until all of them are updated. var ms = curr - (prevTime || curr);
self.diff = ms; https://github.com/visionmedia/debug/blob/master/src/debug.js#L73 exports.humanize = require('ms'); https://github.com/visionmedia/debug/blob/master/src/debug.js#L14 args.push('\u001b[3' + c + 'm+' + exports.humanize(this.diff) + '\u001b[0m'); https://github.com/visionmedia/debug/blob/master/src/node.js#L115 |
https://snyk.io/vuln/npm:ms:20170412