
Regular Expression Denial of Service (ReDoS)

Open larrycameron80 opened this issue 6 years ago • 0 comments

Regular Expression Denial of Service (ReDoS)

Vulnerable module: fresh
Introduced through: [email protected] and [email protected]

Detailed paths

Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › [email protected][email protected]
Remediation: Upgrade to [email protected].

Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › [email protected][email protected]
Remediation: Upgrade to [email protected].

Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › [email protected][email protected][email protected]
Remediation: Upgrade to [email protected].

Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › [email protected][email protected][email protected][email protected]
Remediation: Upgrade to [email protected].

Overview

fresh is HTTP response freshness testing.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. A Regular Expression (/ *, */) was used for parsing HTTP headers and takes about 2 seconds matching time for 50k characters.

larrycameron80 • Sep 17 '19 02:09
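
As an added example (not code from the issue or from the fresh package): the regex split quoted in the overview beside a single-pass parser for the same comma-separated header value, plus a freshness-style ETag comparison built on it. `parseTokenList` and `etagMatches` are hypothetical names, and the header values used to exercise them are constructed.

```javascript
'use strict';

// Pattern quoted in the report above. When used to split a header value, the
// engine retries " *" from every start position and backtracks whenever no
// comma follows, so the cost grows quadratically with runs of spaces.
const VULNERABLE_SEPARATOR = / *, */;

// "Before": regex-based split of a comma-separated header value.
function splitWithRegex(header) {
  return header.split(VULNERABLE_SEPARATOR);
}

// "After" (hypothetical helper): one pass over the characters, no regex and
// no backtracking, so the cost is linear in the header length.
function parseTokenList(header) {
  const tokens = [];
  let start = 0; // index of the first non-space character of the current token
  let end = 0;   // index one past its last non-space character
  for (let i = 0; i < header.length; i++) {
    const code = header.charCodeAt(i);
    if (code === 0x20) {                      // space
      if (start === end) start = end = i + 1; // still skipping leading spaces
    } else if (code === 0x2c) {               // comma closes the token
      tokens.push(header.substring(start, end));
      start = end = i + 1;
    } else {
      end = i + 1;                            // extend the token
    }
  }
  tokens.push(header.substring(start, end));
  return tokens;
}

// Hypothetical freshness check: does any If-None-Match token name this ETag?
// Weak ("W/") and strong forms of the same tag are treated as a match.
function etagMatches(ifNoneMatch, etag) {
  if (ifNoneMatch === '*') return true;
  return parseTokenList(ifNoneMatch).some(
    (t) => t === etag || t === 'W/' + etag || 'W/' + t === etag
  );
}
```

Unlike the regex split, the single-pass parser also trims spaces before the first token and after the last one.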