Security fix for ReDoS #3980
Security fix for ReDoS #3980
Conversation
|
@ready-research thanks for the fix :) |
|
@jasonsaayman Thank you for the quick response. Can you please confirm the same in https://www.huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/ |
|
@zidingz Can you please provide access to @jasonsaayman and guide him to validate and confirm the fix. |
|
Could a release be published with this fix now that it has been merged? |
|
Same as ImRodry coud a release be published ? |
|
Hi, I cannot release the project, I have asked everyone with access the moment that I released this. If there was a way for me to release it I would do so. I have also asked for access to be allowed to process releases. |
|
Alright thank you! Hope that gets sorted quickly since I believe this is quite an important one |
|
I've got a question. Is it a normal way of dealing with security issue, when person opens up 10 discussions on several websites and shares it publicly? by the way, potential problem was addressed a year ago in earlier pull request. See My mention, or by clicking this #3446 |
|
Normally it is handled privately but in this case it seems to have not been. As for the earlier pull request, I have pretty much been trying to get through stuff on the repo but have also had some other stuff on my plate so was gone for a couple months. I will continue merging stuff and looking into issues more frequently now that I have more time. |
|
Thanks for the answer! Wish you the best |
Fixes #3979
Security fix for ReDoS vulnerability.
https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String/Trim
Reported in https://www.huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/
Before fix: Result
time_cost: 2968After fix: Result
time_cost: 6