urlite icon indicating copy to clipboard operation
urlite copied to clipboard

Published 20 hours ago verified publisher icon alanclarke

Security issue in regex

Open 6en6ar opened this issue 1 year ago • 0 comments

The regex inside lib/pattern.js file seems to be vulnerable to Regex denial of service. I used this payload to cause a 17 second delay when a URL is processed by the parse() function. Maybe it can be even longer, probably depends on the length.

'//:' + '\t:\t'.repeat(90000)+ '\t'

6en6ar avatar Jan 22 '24 21:01 6en6ar