Regular Expression Denial of Service

Module: no-case

Published: September 8th, 2017

Reported by: Cristian-Alexandru Staicu

CVE-NONE

CWE-400

Vulnerable: <2.3.2
Patched: >=2.3.2

Overview

Affected versions of no-case are vulnerable to a regular expression denial of service when parsing untrusted user input.

Remediation

Update to version 2.3.2 or later.

References

Issue #17