Regular Expression Denial of Service: @fast-csv/parse
@fast-csv/parse before version 4.3.6 has a possible ReDoS (Regular Expression Denial of Service) vulnerability when the ignoreEmpty option is used during parsing.
You are only affected if you use the ignoreEmpty parsing option. If you do use this option, it is recommended that you upgrade to the latest version.
This has been patched in
This vulnerability was found using a CodeQL query, which identified the EMPTY_ROW_REGEXP regular expression as vulnerable.
Upgrade to version 4.3.6 or later.
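One way to confirm that no pre-4.3.6 copy of @fast-csv/parse is resolved anywhere in a dependency tree, as an added example (not code from the advisory or the fast-csv project). It walks a parsed package-lock.json in both the flat and nested layouts; the sample lockfile and the legacy-tool package name are constructed.

```javascript
// Added example: flag resolved @fast-csv/parse versions below 4.3.6.
const PKG = '@fast-csv/parse';
const FIXED = [4, 3, 6]; // first patched version, per the advisory

// True when `version` is below 4.3.6. Unparseable versions and 4.3.6
// prereleases are reported as affected so they get a manual look.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(String(version));
  if (!m) return true;
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]);
}

// Return every install path in a parsed lockfile that holds an affected copy.
function findAffected(lock) {
  const hits = new Map(); // keyed by path so v2 lockfiles are not double-counted
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/' + PKG) && isAffected(meta.version)) hits.set(path, meta.version);
  }
  // lockfileVersion 1 (kept in v2 for compatibility): nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + name;
      if (name === PKG && isAffected(meta.version)) hits.set(path, meta.version);
      walk(meta.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return [...hits].map(([path, version]) => ({ path, version }));
}

// Constructed sample: patched copy at the top level, old copy nested under
// a hypothetical transitive dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo' },
    'node_modules/@fast-csv/parse': { version: '4.3.6' },
    'node_modules/legacy-tool/node_modules/@fast-csv/parse': { version: '4.3.1' },
  },
  dependencies: {
    '@fast-csv/parse': { version: '4.3.6' },
    'legacy-tool': { version: '1.0.0', dependencies: { '@fast-csv/parse': { version: '4.3.1' } } },
  },
};
console.log(findAffected(SAMPLE_LOCK));
```

A hit means a vulnerable version is installed; per the advisory, it is only exploitable where the ignoreEmpty option is actually used.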
Advisory published: Dec 8th, 2020
Reported by Anonymous: Dec 8th, 2020