The package hosted-git-info prior to 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
npmjs hosted-git-info |
||
siemens sinec infrastructure network services |