opensource.microsoft.com icon indicating copy to clipboard operation
opensource.microsoft.com copied to clipboard
verified publisher icon microsoft

Patched Inefficient Regular Expression Complexity in chalk/ansi-regex

Open imhunterand opened this issue 3 years ago • 1 comments

Description issue:

ansi-regex is vulnerable to Inefficient Regular Expression Complexity which could lead to a denial of service.

CVE-2021-3807 7.5/ 10

imhunterand avatar Aug 11 '22 17:08 imhunterand

CLA assistant check
All CLA requirements met.

ghost avatar Aug 11 '22 17:08 ghost

Hi Team @jeffwilcox

I've reported an three security vulnerabilities, can this reports eligible for HOF ?

imhunterand avatar Sep 03 '22 12:09 imhunterand

@imhunterand I do not know how that process works, the security reporting requirements for MSRC are detailed in the SECURITY.MD file that would go through that group.

We also had GitHub security alerts on these vulns as well which were dismissed as not impacting this project but being a nice-to-fix to clear alerts.

jeffwilcox avatar Sep 03 '22 19:09 jeffwilcox