amqp-match@0.1.0 vulnerabilities

simple library for matching amqp routing tokens, with *'s and #'s

latest version

0.1.1
first published

9 years ago
latest version published

7 days ago
licenses detected
- ISC
  >=0
View amqp-match package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the amqp-match package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) `amqp-match` is simple library for matching amqp routing tokens, with *'s and #'s. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks. PoC by Sean Nicolas: `const match = require('amqp-match'); //Terminates fast console.log(match('foo', '#.bar')); //Takes too long console.log(match('foooooooooooooooooooooooooo', '#.bar'));` How to fix Regular Expression Denial of Service (ReDoS)? There is no fix version for `amqp-match`.	*

Regular Expression Denial of Service (ReDoS)

amqp-match is simple library for matching amqp routing tokens, with *'s and #'s. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks. PoC by Sean Nicolas:

const match = require('amqp-match');

//Terminates fast
console.log(match('foo', '#.bar'));

//Takes too long
console.log(match('foooooooooooooooooooooooooo', '#.bar'));

How to fix Regular Expression Denial of Service (ReDoS)?

There is no fix version for amqp-match.

Go back to all versions of this package

amqp-match@0.1.0 vulnerabilities

simple library for matching amqp routing tokens, with *'s and #'s

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities