Rust

By DeepSource

Usage of DoS-vulnerable version of regex crate (RS-S1015)

Security

The regex Rust library prior to version 1.5.5 is vulnerable to regular expression denial of service (ReDoS) attacks. Ensure that you use version 1.5.5 or above in Cargo.toml dependencies for regex.

ReDoS is a vulnerability in which certain inputs make the regular expression engine hang indefinitely (or run for an impractically long time), causing a denial of service.

Bad practice

[dependencies]
regex = "<=1.5.4"

This issue is only raised if the resolved regex crate version is 1.5.4 or lower.

Recommended

[dependencies]
regex = ">=1.5.5"
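The same version check can be run against the resolved Cargo.lock, which also catches an older regex copy pulled in transitively by another dependency. The following is an added example written for this page, not DeepSource's analyzer code; the lock file contents are constructed.

```python
import re
from typing import List, Tuple

# First regex crate version that is not affected by this rule.
FIXED_VERSION = (1, 5, 5)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.5.4' (or '1.5.4-beta.1') into a comparable tuple of ints."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


def lock_packages(lock_text: str) -> List[Tuple[str, str]]:
    """Extract (name, version) pairs from the [[package]] tables of a Cargo.lock."""
    packages: List[Tuple[str, str]] = []
    name = version = None
    for raw in lock_text.splitlines():
        line = raw.strip()
        if line == "[[package]]":
            if name and version:
                packages.append((name, version))
            name = version = None
            continue
        m = re.match(r'^name\s*=\s*"([^"]+)"$', line)
        if m:
            name = m.group(1)
            continue
        m = re.match(r'^version\s*=\s*"([^"]+)"$', line)
        if m:
            version = m.group(1)
    if name and version:
        packages.append((name, version))
    return packages


def vulnerable_regex_versions(lock_text: str) -> List[str]:
    """Return every resolved 'regex' version older than 1.5.5 (the RS-S1015 condition)."""
    return [ver for name, ver in lock_packages(lock_text)
            if name == "regex" and parse_version(ver) < FIXED_VERSION]


# Constructed sample Cargo.lock: a direct regex 1.5.4 and a transitive 0.2.x copy.
SAMPLE_LOCK = """\
version = 3

[[package]]
name = "aho-corasick"
version = "0.7.18"

[[package]]
name = "regex"
version = "1.5.4"
dependencies = [
 "aho-corasick",
]

[[package]]
name = "regex"
version = "0.2.11"
"""

if __name__ == "__main__":
    for ver in vulnerable_regex_versions(SAMPLE_LOCK):
        print(f"RS-S1015: regex {ver} is older than 1.5.5, upgrade it")
```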