Bug: nth-check Regular Expression Denial of Service (ReDoS)
EndyKaufman opened this issue · 0 comments
EndyKaufman commented
Is there an existing issue for this?
- I have searched the existing issues
Is your feature request related to a problem? Please describe
Snyk detects bad deps: https://security.snyk.io/vuln/SNYK-JS-NTHCHECK-1586032
@ngneat/transloco-keys-manager@3.3.1 › cheerio@1.0.0-rc.3 › css-select@1.2.0 › nth-check@1.0.2
Overview
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) mainly due to the sub-pattern `\s*(?:([+-]?)\s*(\d+))?` in `RE_NTH_ELEMENT` with quantified overlapping adjacency.
Fixed in
nth-check@2.0.1
Describe the solution you'd like
No response
Describe alternatives you've considered
No response
Additional context
No response
I would like to make a pull request for this feature
No
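Added example, not part of the original issue or of any project named in it: a small Node.js check that walks a dependency tree and reports every path reaching `nth-check` below the fixed version 2.0.1. It assumes input shaped like the parsed output of `npm ls --all --json`; the sample tree is constructed from the chain quoted in the issue, and `example-app` and `other-lib` are hypothetical names.

```javascript
// Added example: report every dependency path that reaches a package
// below its fixed version. Input shape assumed: `npm ls --all --json`.
const FIXED = "2.0.1"; // "Fixed in" value from the issue

// Compare x.y.z versions; a prerelease tag sorts below the same x.y.z.
function isBelow(version, fixed) {
  const [core, pre] = version.split("-", 2);
  const a = core.split(".").map(Number);
  const b = fixed.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return pre !== undefined;
}

// Depth-first walk that keeps the trail so each hit shows who pulls it in.
function findVulnerablePaths(node, name, fixed = FIXED, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${dep}@${info.version}`];
    if (dep === name && info.version && isBelow(info.version, fixed)) {
      hits.push(here.join(" › "));
    }
    hits.push(...findVulnerablePaths(info, name, fixed, here));
  }
  return hits;
}

// Constructed sample: the chain from the issue plus one patched branch.
const sampleTree = {
  name: "example-app", version: "0.0.0", // hypothetical root project
  dependencies: {
    "@ngneat/transloco-keys-manager": { version: "3.3.1", dependencies: {
      cheerio: { version: "1.0.0-rc.3", dependencies: {
        "css-select": { version: "1.2.0", dependencies: {
          "nth-check": { version: "1.0.2" } } } } } } },
    "other-lib": { version: "1.0.0", dependencies: { // hypothetical package
      "nth-check": { version: "2.0.1" } } },
  },
};

console.log(findVulnerablePaths(sampleTree, "nth-check"));
```

Only the path through `css-select@1.2.0` is reported; the branch already on `nth-check@2.0.1` is not.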