INEFFICIENT REGULAR EXPRESSION COMPLEXITY IN DEBUG #939
Comments
This was referenced Aug 4, 2023
|
If you've seen the other issues you know why this isn't something I'm addressing. Opening new tickets is not going to help. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Since #921 and #924 have been closed I am raising the following issue as it should be fixed!
...
Since December 2020 Checkmark has raised the following issue (which is getting flagged for me in WebStorm IDE):
https://devhub.checkmarx.com/cve-details/Cx8bc4df28-fcf5/
INEFFICIENT REGULAR EXPRESSION COMPLEXITY IN DEBUG
In NPM
debug, theenablefunction accepts a regular expression from user input without escaping it. Arbitrary regular expressions could be injected to cause a Denial of Service attack on the user's browser, otherwise known as a ReDoS (Regular Expression Denial of Service). This is a different issue than CVE-2017-16137.CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
The text was updated successfully, but these errors were encountered: