insane vulnerable to Regular Expression Denial of Service
Moderate severity
GitHub Reviewed
Published
Oct 26, 2024
to the GitHub Advisory Database
•
Updated Nov 13, 2024
Description
Published by the National Vulnerability Database
Oct 26, 2024
Published to the GitHub Advisory Database
Oct 26, 2024
Reviewed
Oct 28, 2024
Last updated
Nov 13, 2024
insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
References