Regular Expression Denial of Service (ReDoS)

Open larrycameron80 opened this issue 6 years ago • 0 comments

Regular Expression Denial of Service (ReDoS)

Vulnerable module: braces
Introduced through: [email protected]

Detailed paths

Introduced through: blockchain-wallet-client@blockchain/My-Wallet-V3#c0bf5615c862fb8d7ec5e3f5031c2998b8ddc690 › [email protected][email protected][email protected][email protected][email protected][email protected]

Overview

braces is a Bash-like brace expansion, implemented in JavaScript.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. It used a regular expression (^{(,+(?:({,+})),|,(?:({,+})),+)}) in order to detect empty braces. This can cause an impact of about 10 seconds matching time for data 50K characters long.

larrycameron80, Sep 17 '19 02:09