GMS-2020-526: Regular Expression Denial of Service in sql-injection

September 3, 2020

All versions of sql-injection are vulnerable to Regular Expression Denial of Service. The package processes a request’s body with regular expressions that may take exponentially longer to execute for large inputs. No fix is currently available. Consider using an alternative package until a fix is made available.

References

github.com/advisories/GHSA-hvxq-j2r4-4jm8
www.npmjs.com/advisories/1163

Code Behaviors & Features

Detect and mitigate GMS-2020-526 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →