You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are multiple regular expression used for parsing the user agent which are vulnerable to ReDoS, e.g.:
/(?=.*\bAndroid\b)(?=.*\bSD4930UR\b)/i
The slowdown is relatively serious because multiple such regexs are checked against the user agent: for 40.000 characters around 22 seconds matching time. I would suggest one of the following:
remove the regex,
anchor the regex,
limit the number of characters that can be matched by the repetition,
limit the input size.
If needed, I can provide an actual example showing the slowdown.
The text was updated successfully, but these errors were encountered:
There are multiple regular expression used for parsing the user agent which are vulnerable to ReDoS, e.g.:
/(?=.*\bAndroid\b)(?=.*\bSD4930UR\b)/iThe slowdown is relatively serious because multiple such regexs are checked against the user agent: for 40.000 characters around 22 seconds matching time. I would suggest one of the following:
If needed, I can provide an actual example showing the slowdown.
The text was updated successfully, but these errors were encountered: