zulip@0.4.4 vulnerabilities
Bindings for the Zulip message API
-
latest version
0.9.0
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
6 months ago
-
licenses detected
- [0.2.2,0.7.0)
Direct Vulnerabilities
Known vulnerabilities in the zulip package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
zulip is a Bindings for the Zulip message API. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). It allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier, and sending messages to exploit this issue. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
[,0.4.7)
|