Severity: moderate

    Regular Expression Denial of Service

    hosted-git-info

    Overview

    Versions of hosted-git-info before 2.8.9 and 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.

    Remediation

    Upgrade to version 3.0.8 or later
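
As an added example (not part of the advisory or of hosted-git-info's own code), the following JavaScript checks a parsed package-lock.json for every installed copy of hosted-git-info in the version range described above. It assumes "before 2.8.9 and 3.0.8" means anything below 2.8.9, or a 3.x release below 3.0.8; `isAffected`, `findAffected` and the sample lockfile are constructed for illustration.

```javascript
// Added example: names and sample data are illustrative, not from the advisory.
// Assumption: affected = below 2.8.9, or on 3.x below 3.0.8.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) return null; // git URL, tag, etc.: cannot decide, review manually
  const v = m.slice(1).map(Number);
  const lt = (a, b) =>
    a[0] !== b[0] ? a[0] < b[0] : a[1] !== b[1] ? a[1] < b[1] : a[2] < b[2];
  if (v[0] < 3) return lt(v, [2, 8, 9]);
  if (v[0] === 3) return lt(v, [3, 0, 8]);
  return false;
}

// Walk a parsed package-lock.json; report every copy, including nested ones.
function findAffected(lock) {
  const hits = [];
  const check = (where, version) => {
    const affected = isAffected(String(version));
    if (affected !== false) {
      hits.push({ where, version, status: affected ? 'affected' : 'review' });
    }
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/hosted-git-info')) check(path, meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages"
  // exists, since v2 lockfiles carry both and would be counted twice).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'hosted-git-info') check(here.join(' > '), meta.version);
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (dep-a and dep-b are made-up package names).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/hosted-git-info': { version: '2.8.8' },
    'node_modules/dep-a/node_modules/hosted-git-info': { version: '3.0.7' },
    'node_modules/dep-b/node_modules/hosted-git-info': { version: '3.0.8' },
  },
};
console.log(findAffected(sampleLock));
```

Entries reported with status `review` have a version string that is not plain semver (for example a git reference) and need a manual look.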

    Advisory timeline

    1. Advisory published: May 6th, 2021
    2. Reported by Anonymous: May 6th, 2021