CVE-2017-16116: Uncontrolled Resource Consumption

June 7, 2018 (updated October 9, 2019)

The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.

References

nvd.nist.gov/vuln/detail/CVE-2017-16116

Code Behaviors & Features

Detect and mitigate CVE-2017-16116 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →