hosted-git-info
hosted-git-info versions before 2.8.9 and 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Upgrade to version 3.0.8 or later
| CPE | Name | Operator | Version |
|---|---|---|---|
| | hosted-git-info | lt | 2.8.9 \|\| >=3.0.0 <3.0.8 |
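
As an added example (not part of the advisory or of the hosted-git-info project), the following JavaScript walks a parsed package-lock.json object and reports hosted-git-info entries that fall in the affected range from the table above. The function names and the sample lockfile are assumptions constructed for this example.

```javascript
// Affected range from the advisory table: < 2.8.9, or >= 3.0.0 and < 3.0.8.
// Parse "major.minor.patch"; any pre-release/build suffix is ignored (simplification).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns "affected", "ok", or "unknown" (unparseable version: review by hand).
function classify(version) {
  const v = parseVersion(version);
  if (!v) return "unknown";
  if (compare(v, [2, 8, 9]) < 0) return "affected";
  const in3x = compare(v, [3, 0, 0]) >= 0 && compare(v, [3, 0, 8]) < 0;
  return in3x ? "affected" : "ok";
}

// Walk both lockfile layouts: "packages" (keyed by install path) and nested "dependencies".
function findAffected(lock) {
  const hits = [];
  const check = (path, version) => {
    const status = classify(version);
    if (status !== "ok") hits.push({ path, version, status });
  };
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/hosted-git-info")) check(path, info.version);
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail ? `${trail} > ${name}` : name;
      if (name === "hosted-git-info") check(path, info.version);
      walk(info.dependencies, path);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = { packages: {
  "node_modules/hosted-git-info": { version: "2.8.8" },
  "node_modules/a/node_modules/hosted-git-info": { version: "3.0.7" },
  "node_modules/b/node_modules/hosted-git-info": { version: "2.8.9" },
  "node_modules/c/node_modules/hosted-git-info": { version: "3.0.8" },
} };
console.log(findAffected(SAMPLE_LOCK));
```

Transitive copies matter here: a project can pin a fixed top-level version and still carry an affected copy nested under another dependency, which is why the check matches on the install path suffix rather than only the root entry.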