Impact
Possible ReDoS (Regular Expression Denial of Service) when using ignoreEmpty option when parsing.
Patches
This has been patched in v4.3.6
Workarounds
You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is recommended that you upgrade to the latest version v4.3.6
References
This vulnerability was found using a CodeQL query which identified EMPTY_ROW_REGEXP regular expression as vulnerable.
Link to query run.
For more information
If you have any questions or comments about this advisory:
Impact
Possible ReDoS (Regular Expression Denial of Service) when using
ignoreEmptyoption when parsing.Patches
This has been patched in
v4.3.6Workarounds
You will only be affected by this if you use the
ignoreEmptyparsing option. If you do use this option it is recommended that you upgrade to the latest versionv4.3.6References
This vulnerability was found using a CodeQL query which identified
EMPTY_ROW_REGEXPregular expression as vulnerable.Link to query run.
For more information
If you have any questions or comments about this advisory: