GMS-2017-214: Regular Expression Denial of Service

September 25, 2017

The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.

References

github.com/jprichardson/string.js/issues/212

Code Behaviors & Features

Detect and mitigate GMS-2017-214 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →