You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Was updating Moment.js for a project to remove the ability for certain ReDOS attacks. While searching, the isTimeSpan function from this repo came up and mentioned that it used some regex from Moment.js in comments:
//expressive.annotations.validate.js Line 491isTimeSpan: function(value){return/(\-)?(?:(\d*)\.)?(\d+)\:(\d+)(?:\:(\d+)\.?(\d{3})?)?/.test(value);// regex for recognition of .NET style timespan string, taken from moment.js v2.9.0},
I checked and found that this line fails an automated ReDOS check. This is unsuprising due to the amount of ReDOS bugs that moment.js has fixed over the years.
The text was updated successfully, but these errors were encountered:
Was updating Moment.js for a project to remove the ability for certain ReDOS attacks. While searching, the
isTimeSpanfunction from this repo came up and mentioned that it used some regex from Moment.js in comments:I checked and found that this line fails an automated ReDOS check. This is unsuprising due to the amount of ReDOS bugs that moment.js has fixed over the years.
The text was updated successfully, but these errors were encountered: