Regular Expression Denial of Service
url-regex
All versions of url-regex are vulnerable to a Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service.
There are no patches and the software is not currently maintained. The security researcher who found the issue has released url-regex-safe as an alternative.
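Since no patched release exists, one mitigation is to stop matching untrusted strings against a backtracking pattern at all. The following JavaScript is an added example, not code from url-regex, url-regex-safe or the advisory: it bounds input length and validates with the WHATWG URL parser built into Node.js and browsers. The function names and both length limits are assumptions.

```javascript
// Added example: URL validation without a backtracking regular expression.
// MAX_URL_LENGTH and MAX_TEXT_LENGTH are assumed limits; tune them per application.
const MAX_URL_LENGTH = 2048;
const MAX_TEXT_LENGTH = 100000;

// Returns true only for syntactically valid http(s) URLs of bounded length.
function isHttpUrl(input, maxLength = MAX_URL_LENGTH) {
  if (typeof input !== 'string') return false;
  // Reject empty or oversized input before any parsing, so the cost is bounded.
  if (input.length === 0 || input.length > maxLength) return false;

  let parsed;
  try {
    // The WHATWG URL parser is a state machine, not a regex.
    parsed = new URL(input);
  } catch {
    return false; // not parseable as an absolute URL
  }

  // Allow-list the schemes the application actually expects.
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return false;
  return parsed.hostname.length > 0;
}

// Extracts URLs from free text: split on whitespace, then validate
// each token with the bounded check above.
function findUrls(text, maxTextLength = MAX_TEXT_LENGTH) {
  if (typeof text !== 'string' || text.length > maxTextLength) return [];
  return text.split(/\s+/).filter((token) => isHttpUrl(token));
}

// Constructed sample input.
const sample = 'see https://example.com and ftp://files.example or http://test.example/a';
console.log(findUrls(sample));
```

Enforce the length limit at the trust boundary (request body size, form field length) as well, so oversized input is rejected before it reaches any string processing.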
Advisory published: Aug 17th, 2020
Reported by niftylettuce: Aug 17th, 2020