GMS-2019-22: Regular Expression Denial of Service

June 20, 2019 (updated February 25, 2021)

A Regular Expression Denial of Service vulnerability was discovered in esm The issue is that esm’s find-indexes is using the unescaped identifiers in a regex, which, in this case, causes an infinite loop.

References

github.com/advisories/GHSA-qx4v-6gc5-f2vv
github.com/standard-things/esm/commit/c41e001d81a5a52b0d2d1722b1c2af04d997c05b
github.com/standard-things/esm/issues/694

Detect and mitigate GMS-2019-22 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →