From 6675757d972f2f5afdf2238c1b34935c81ba6095 Mon Sep 17 00:00:00 2001
From: Michael Bromley <michael@michaelbromley.co.uk>
Date: Wed, 27 Oct 2021 22:02:45 +0200
Subject: [PATCH] fix(core): Fix polynomial regex vulnerability Fixes https://github.com/vendure-ecommerce/vendure/security/code-scanning/19
---
 packages/core/src/api/common/extract-session-token.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/core/src/api/common/extract-session-token.ts b/packages/core/src/api/common/extract-session-token.ts
index 09ecb6915f..e95f27b3a2 100644
--- a/packages/core/src/api/common/extract-session-token.ts
+++ b/packages/core/src/api/common/extract-session-token.ts
@@ -35,7 +35,7 @@ function getFromCookie(req: Request): string | undefined {
 function getFromHeader(req: Request): string | undefined {
 const authHeader = req.get('Authorization');
 if (authHeader) {
- const matches = authHeader.match(/bearer\s+(.+)$/i);
+ const matches = authHeader.match(/bearer\s(.+)$/i);
 if (matches) {
 return matches[1];
 }
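Review bot: The replacement pattern `/bearer\s(.+)$/i` in getFromHeader consumes exactly one whitespace character, so a header such as `Bearer  <token>` (two spaces, constructed example) now returns the token with leading whitespace where the old `\s+` stripped it, and the session lookup will presumably reject that value. The pattern is also unanchored, so `bearer` is accepted anywhere in the header value rather than only as the scheme at the start. Anchoring the match and starting the capture on a non-space character keeps it unambiguous and should avoid the backtracking the scanner flagged: `const matches = authHeader.match(/^bearer\s+(\S.*)$/i);`. A one-line comment above the regex saying why the quantifiers are shaped this way would help stop a later edit from reintroducing `\s+(.+)`. The end of getFromHeader lies outside the hunk, so how the returned token is consumed is not visible here.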