| 제목 | vercel hyper >=18.2.79 Inefficient Regular Expression Complexity |
|---|
| 설명 | This report details multiple Regular Expression Denial of Service (ReDoS) vulnerabilities found in the rimraf-standalone.js script within the Hyper terminal repository. Specific regular expressions used for parsing glob patterns and comments are susceptible to catastrophic backtracking when processing maliciously crafted input strings. This can lead to excessive CPU consumption, effectively causing a denial of service.
This advisory provides proof-of-concept attack strings for each vulnerability and proposes fixes using lookaheads to mitigate the ReDoS risk. |
|---|
| 원천 | ⚠️ https://github.com/vercel/hyper/issues/8098 |
|---|
| 사용자 | DayShift (UID 80963) |
|---|
| 제출 | 2025. 06. 22. PM 03:50 (12 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 04. PM 06:47 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 314973 [vercel hyper 까지 3.4.1 rimraf-standalone.js expand/braceExpand/ignoreMap 서비스 거부] |
|---|
| 포인트들 | 20 |
|---|