[GHSA-hhq3-ff78-jv3g] loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) #2906

NxPKG · 2023-11-01T23:24:23Z

Updates

Affected products
CWEs
Description

Comments

import re

def match_regex(regex, string, timeout=1):
  """Matches a regular expression against a string, with a timeout.

  Args:
    regex: The regular expression to match.
    string: The string to match against.
    timeout: The maximum amount of time to spend matching the regular expression.

  Returns:
    True if the regular expression matches the string, False otherwise.
  """

  regex = re.compile(regex, re.DOTALL)
  start_time = time.time()
  match = regex.match(string)
  end_time = time.time()
  if match and (end_time - start_time) <= timeout:
    return True
  else:
    return False

shelbyc · 2023-11-06T22:07:20Z

👋 Hi @NxPKG, thank you for your interest in GHSA-hhq3-ff78-jv3g, but we don't include general remediation advice for classes of vulnerabilities in GitHub Security Advisories unless the maintainer includes the advice in their repository advisory. Have a good week!

Improve GHSA-hhq3-ff78-jv3g

e8ffb83

github-actions bot changed the base branch from main to NxPKG/advisory-improvement-2906 November 1, 2023 23:25

advisory-database bot closed this Dec 28, 2023

github-actions bot deleted the NxPKG-GHSA-hhq3-ff78-jv3g branch December 28, 2023 18:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GHSA-hhq3-ff78-jv3g] loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) #2906

[GHSA-hhq3-ff78-jv3g] loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) #2906

NxPKG commented Nov 1, 2023

shelbyc commented Nov 6, 2023

[GHSA-hhq3-ff78-jv3g] loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) #2906

[GHSA-hhq3-ff78-jv3g] loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) #2906

Conversation

NxPKG commented Nov 1, 2023

shelbyc commented Nov 6, 2023