CVE-2020-26305: CommonRegexJS Regular Expression Denial of Service vulnerability

October 26, 2024 (updated November 13, 2024)

CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.

References

github.com/advisories/GHSA-pmvv-57rg-5g86
github.com/talyssonoc/CommonRegexJS
github.com/talyssonoc/CommonRegexJS/issues/4
nvd.nist.gov/vuln/detail/CVE-2020-26305
securitylab.github.com/advisories/GHSL-2020-291-redos-CommonRegexJS

Code Behaviors & Features

Detect and mitigate CVE-2020-26305 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →