
Core: fix ReDoS vulnerability in url2 #2428

Merged
merged 1 commit into from May 19, 2022
Conversation

bytestream
Member

@bytestream bytestream commented May 19, 2022

ReDoS, or Regular Expression Denial of Service, is a vulnerability affecting poorly constructed and potentially inefficient regular expressions which can make them perform extremely badly given a creatively constructed input string.

Updated regex to match url validation, but adjusted to allow optional TLD.

Reported by Shachar Menashe, research team at JFrog Security.
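
Added example for this discussion, not the project's own code and not the regex this PR changed: a hypothetical host-name pattern whose repeated group has an optional separator (the classic catastrophic-backtracking shape the PR description refers to), a constructed probe input that exposes it, an unambiguous rewrite that still allows an optional TLD, and an assumed length cap (`MAX_LEN`) applied before the regex runs. `VULNERABLE_HOST`, `HARDENED_HOST`, `craftPayload`, `timeMatch` and `validateHost` are all names introduced here for illustration.

```javascript
// Added example (not the project's code or its url2 regex): how catastrophic
// backtracking makes a pattern ReDoS-prone, how to probe for it, and how an
// unambiguous rewrite avoids it while still allowing an optional TLD.

// Hypothetical vulnerable pattern. The repeated group `[a-z0-9-]+\.?` has an
// optional separator, so a run of n label characters can be split between group
// iterations in 2^(n-1) ways. When the input matches right up to the end and then
// fails, the engine tries every split before giving up: exponential time in n.
const VULNERABLE_HOST = /^([a-z0-9-]+\.?)+$/i;

// Hardened rewrite: every further label must start with a literal '.', so the
// split into labels is forced by the input and backtracking stays linear.
// A trailing TLD is just one more optional label, so `localhost` is still accepted.
const HARDENED_HOST = /^[a-z0-9-]+(\.[a-z0-9-]+)*$/i;

// Constructed probe input: n valid label characters followed by a character that
// can never match, so every partial match fails at the very end.
function craftPayload(n) {
  return 'a'.repeat(n) + '!';
}

// Run one match and report wall-clock time. Date.now() is coarse but has no
// dependencies; use performance.now() for finer resolution if available.
function timeMatch(re, input) {
  const start = Date.now();
  const matched = re.test(input);
  return { matched, ms: Date.now() - start };
}

// Defence in depth: cap the input length before the regex ever runs, so even a
// pattern later found to backtrack badly has a bounded worst case.
// MAX_LEN is an assumed limit for this example, not a value from the project.
const MAX_LEN = 2048;
function validateHost(input) {
  if (typeof input !== 'string' || input.length > MAX_LEN) return false;
  return HARDENED_HOST.test(input);
}

// Demo: the vulnerable pattern roughly doubles its time for each extra probe
// character, while the hardened pattern rejects a 50k-character probe at once.
function demo() {
  for (const n of [12, 16, 20]) {
    const r = timeMatch(VULNERABLE_HOST, craftPayload(n));
    console.log(`vulnerable n=${n}: matched=${r.matched} ${r.ms} ms`);
  }
  const h = timeMatch(HARDENED_HOST, craftPayload(50000));
  console.log(`hardened n=50000: matched=${h.matched} ${h.ms} ms`);
  console.log('validateHost("example.com") =', validateHost('example.com'));
  console.log('validateHost("localhost")   =', validateHost('localhost'));
}
demo();
```

Raising `n` in `demo()` past the low twenties on the vulnerable pattern will stall the process for seconds to minutes, which is exactly the denial of service. The rewrite works because no two ways of consuming the same input remain: each group iteration is anchored on a literal `.` the input either has or does not have.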

@bytestream bytestream requested a review from staabm May 19, 2022 15:16
@staabm
Member

staabm commented May 19, 2022

thanks!

@bytestream bytestream merged commit 69cb17e into master May 19, 2022
@bytestream bytestream deleted the redos branch May 19, 2022 15:20
@ffontaine
Contributor

FYI, it seems this issue has been assigned CVE-2021-43306
