CVE-2009-1190: Regular expression denial of service (ReDOS)

April 27, 2009 (updated October 30, 2018)

Algorithmic complexity vulnerability in this package allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.

References

support.springsource.com/security/cve-2009-1190
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1190

Code Behaviors & Features

Detect and mitigate CVE-2009-1190 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →