Regular Expression Denial of Servicestring
Affected versions of
string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the
There is currently no direct patch for this vulnerability.
Currently, the best solution is to avoid passing user input to the
Alternatively, a user provided patch is available in Pull Request #217, however this patch has not been tested, nor has it been merged by the package author.
reportedInitial report by Cristian-Alexandru StaicuSep 25th, 2017
publishedAdvisory publishedSep 25th, 2017