You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
redos
About this tag
ReDoS, or Regular Expression Denial of Service, is a vulnerability where specially crafted input causes a regex engine to enter catastrophic backtracking, leading to excessive CPU consumption and service disruption. On WindowsForum, discussions cover notable CVEs such as CVE-2026-33671 in Picomatch, CVE-2022-25883 in the semver package, and CVE-2021-42836 in GJSON. These threads detail how the flaws are triggered, their impact on Node.js and Go applications, and the patched versions that mitigate the risk. The tag is relevant for developers and IT professionals managing dependencies in JavaScript, Go, and other ecosystems where regex-based parsing is common.
Picomatch’s ReDoS flaw is a reminder that small parsing bugs can become big availability problems
A new CVE-2026-33671 advisory is drawing attention to a familiar but still dangerous class of bug: regular expression denial of service, or ReDoS, in the JavaScript glob matcher Picomatch. The issue...
The semver package—ubiquitous in the npm ecosystem—contained a Regular Expression Denial of Service (ReDoS) flaw that lets attackers hang or crash Node.js processes when untrusted input is parsed as a version range, and the vulnerability is tracked as CVE-2022-25883 with fixes released in semver...
GJSON versions before 1.9.3 contain a Regular Expression Denial of Service (ReDoS) flaw — tracked as CVE-2021-42836 — that can be triggered by crafted JSON paths or queries and allow an attacker to drive CPU consumption to the point of service disruption.
Background / Overview
GJSON is a widely...
I keep getting dropdown boxes saying undo,redo,cutetc plus others that say back, forward, reload,print, translate,favorites etc. When typing a sentence a box drops down characters get moved back in the sentence or other locations. This renders any typing unless.
Thanks
Roger