Regular Expression Denial of Service (ReDoS)
Affecting decamelize package, versions >=1.1.0 <1.1.2
decamelize converts a camelized string into a lowercased one with a custom separator.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The separators are not escaped, which may allow an attacker to send separators like |, which will cause the regex parser to hang for long periods of time.
Upgrade decamelize to version 1.1.2 or higher.
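The root cause described above, shown as an added example (not code from the decamelize package): a caller-supplied separator concatenated into a RegExp pattern is parsed as regex syntax unless it is escaped first. The helper names and the sample input are assumptions made for illustration.

```javascript
// Added example; hypothetical helpers, not the decamelize source.

// Escape every character that is special inside a RegExp pattern.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Pattern meant to find "<sep><Upper><Upper>" so a separator can be inserted.
function buildPattern(sep, escape) {
  const s = escape ? escapeRegExp(sep) : sep;
  return new RegExp('(' + s + '[A-Z])([A-Z])', 'g');
}

function decamelize(str, sep, escape) {
  // Replacer functions keep "$" in the separator from being read as a group reference.
  return str
    .replace(/([a-z\d])([A-Z])/g, (m, a, b) => a + sep + b)
    .replace(buildPattern(sep, escape), (m, a, b) => a + sep + b)
    .toLowerCase();
}

// Unescaped form: the separator is treated as pattern syntax.
const decamelizeUnsafe = (str, sep = '_') => decamelize(str, sep, false);
// Escaped form: the separator is always matched literally.
const decamelizeSafe = (str, sep = '_') => decamelize(str, sep, true);

// Constructed sample input.
const input = 'unicornRainbow';
console.log(buildPattern('|', false).source); // (|[A-Z])([A-Z])  "|" became an alternation
console.log(buildPattern('|', true).source);  // (\|[A-Z])([A-Z]) "|" is a literal character
console.log(decamelizeUnsafe(input, '|'));    // unicorn||rainbow
console.log(decamelizeSafe(input, '|'));      // unicorn|rainbow
```

A separator such as ( makes the unescaped form throw a SyntaxError instead, which is a second reason to escape or allow-list separators before they reach the RegExp constructor.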
- Jay Freeman
- Snyk ID
- 23 Dec, 2015
- 16 Apr, 2017