Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

nsp advisory Regular Expression Denial of Service

See original GitHub issue

Looks like https://nodesecurity.io/advisories/106 applies to engine.io I think the solution is to upgrade accepts:

https://github.com/jshttp/accepts/releases/tag/1.3.3

Issue Analytics

State:
Created 7 years ago
Reactions:3
Comments:11 (6 by maintainers)

Top GitHub Comments

3reactions

rauchgcommented, Jun 17, 2016

d9dda2b…298cb6f

2reactions

ChisholmKylecommented, Jun 25, 2016

Why is accepts@1.1.4 still a dependency in engine.io npm registry tarball https://registry.npmjs.org/engine.io/-/engine.io-1.6.11.tgz? Or am I confused about npm dependency handling? See also https://github.com/socketio/socket.io/issues/2591

Top Results From Across the Web

Cisco Regular Expression Processing DoS | Tenable®

On September 19, 2007, Cisco released a security response for a denial of service vulnerability in the regular expression processing in IOS.

Find Regular Expressions Which Are Vulnerable To ReDoS ...

This can cause denial of service, as the CPU will be stuck trying to match the regex. This tool is designed to: *...

[MBT-2527] NSP | Major Negotiator Vulnerability - Red Hat Issue ...

NSP | Major Negotiator Vulnerability ... Regular Expression Denial of Service ... Advisory https://nodesecurity.io/advisories/106. Affected Module Tree.

RegexScalpel: Regular Expression Denial of Service (ReDoS ...

Abstract: The Regular expression Denial of Service (ReDoS) is a class of denial of service attacks that exploit vulnerable regular expressions (regexes) whose ......

Jade npm - Vulnerabilities & Security Analysis - Snyk

The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't...