Impact
Possible ReDoS (Regular Expression Denial of Service) when using ignoreEmpty
option when parsing.
Patches
This has been patched in v4.3.6
Workarounds
You will only be affected by this if you use the ignoreEmpty
parsing option. If you do use this option it is recommended that you upgrade to the latest version v4.3.6
References
This vulnerability was found using a CodeQL query which identified EMPTY_ROW_REGEXP
regular expression as vulnerable.
Link to query run.
For more information
If you have any questions or comments about this advisory:
Impact
Possible ReDoS (Regular Expression Denial of Service) when using
ignoreEmpty
option when parsing.Patches
This has been patched in
v4.3.6
Workarounds
You will only be affected by this if you use the
ignoreEmpty
parsing option. If you do use this option it is recommended that you upgrade to the latest versionv4.3.6
References
This vulnerability was found using a CodeQL query which identified
EMPTY_ROW_REGEXP
regular expression as vulnerable.Link to query run.
For more information
If you have any questions or comments about this advisory: