| Title | vercel hyper >=18.2.79 Inefficient Regular Expression Complexity |
|---|
| Description | This report details multiple Regular Expression Denial of Service (ReDoS) vulnerabilities found in the rimraf-standalone.js script within the Hyper terminal repository. Specific regular expressions used for parsing glob patterns and comments are susceptible to catastrophic backtracking when processing maliciously crafted input strings. This can lead to excessive CPU consumption, effectively causing a denial of service.
This advisory provides proof-of-concept attack strings for each vulnerability and proposes fixes using lookaheads to mitigate the ReDoS risk. |
|---|
| Source | ⚠️ https://github.com/vercel/hyper/issues/8098 |
|---|
| User | DayShift (UID 80963) |
|---|
| Submission | 06/22/2025 03:50 PM (15 days ago) |
|---|
| Moderation | 07/04/2025 06:47 PM (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 314973 [vercel hyper up to 3.4.1 rimraf-standalone.js expand/braceExpand/ignoreMap redos] |
|---|
| Points | 20 |
|---|