Tree - rpms/rh-nodejs12-nodejs-nodemon

rpms / rh-nodejs12-nodejs-nodemon

Files

Blob Blame History Raw

From 099828b738527c3a1e9fcba8ed9b0b1a5103526f Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Fri, 2 Jul 2021 16:30:14 +0200
Subject: [PATCH] Fix ReDoS for data URLs

Backported from
https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103

Signed-off-by: rpm-build <rpm-build>
---
 node_modules/got/node_modules/normalize-url/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/node_modules/got/node_modules/normalize-url/index.js b/node_modules/got/node_modules/normalize-url/index.js
index 4eea255..2ab7f57 100644
--- a/node_modules/got/node_modules/normalize-url/index.js
+++ b/node_modules/got/node_modules/normalize-url/index.js
@@ -11,7 +11,7 @@ const testParameter = (name, filters) => {
 };
 
 const normalizeDataURL = (urlString, {stripHash}) => {
-	const parts = urlString.match(/^data:(.*?),(.*?)(?:#(.*))?$/);
+	const parts = urlString.match(/^data:([^,]*?),([^#]*?)(?:#(.*))?$/);
 
 	if (!parts) {
 		throw new Error(`Invalid URL: ${urlString}`);
-- 
2.31.1

rpms / rh-nodejs12-nodejs-nodemon

Source Code

Files