Regular Expression Denial of Service

Module: fresh

Published: September 26th, 2017

Reported by: Cristian-Alexandru Staicu

CVE-NONE

CWE-400

Vulnerable: < 0.5.2
Patched: >= 0.5.2

Overview

Affected versions of fresh are vulnerable to regular expression denial of service when parsing specially crafted user input.

Remediation

Update to version 0.5.2 or later.