| عنوان | vercel hyper >=18.2.79 Inefficient Regular Expression Complexity |
|---|
| الوصف | This report details multiple Regular Expression Denial of Service (ReDoS) vulnerabilities found in the rimraf-standalone.js script within the Hyper terminal repository. Specific regular expressions used for parsing glob patterns and comments are susceptible to catastrophic backtracking when processing maliciously crafted input strings. This can lead to excessive CPU consumption, effectively causing a denial of service.
This advisory provides proof-of-concept attack strings for each vulnerability and proposes fixes using lookaheads to mitigate the ReDoS risk. |
|---|
| المصدر | ⚠️ https://github.com/vercel/hyper/issues/8098 |
|---|
| المستخدم | DayShift (UID 80963) |
|---|
| ارسال | 22/06/2025 03:50 PM (12 أشهر منذ) |
|---|
| الاعتدال | 04/07/2025 06:47 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 314973 [vercel hyper حتى 3.4.1 rimraf-standalone.js expand/braceExpand/ignoreMap الحرمان من الخدمة] |
|---|
| النقاط | 20 |
|---|