Regular Expression Denial of Service

Module: riot-compiler

Published: March 21st, 2016

Reported by: Alberto Martínez

CVE-NONE

CWE-400

Vulnerable: 2.3.21
Patched: >2.3.21

Overview

Affected versions of riot-compiler are susceptible to a regular expression denial of service vulnerability.

Remediation

Update to version 2.3.22 or later.

References

Issue #46