Regular Expression Denial of Service

Module: riot-compiler

Published: March 21st, 2016

Reported by: Alberto Martínez

CVE-NONE

CWE-

Vulnerable: 2.3.21
Patched: >2.3.21

Overview

The riot-compiler version 2.3.21 "has an issue in a regex (Catastrophic Backtracking) that makes it unusable under certain conditions".

It should be noted that 2.3.21 has been unpublished.

Thanks to Sven Slootweg for letting us know about this issue.

Remediation

Upgrade to version 2.3.22 or greater.
