GMS-2017-215: Regular Expression Denial of Service

September 25, 2017

slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About k characters can block the event loop for 2 seconds.

References

github.com/dodo/node-slug/issues/82

Detect and mitigate GMS-2017-215 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →