rspec/rules/S2631/comments-and-links.adoc

=== Related: RSPEC-4784

=== Supercedes: RSPEC-4784

=== On 2018-05-04T11:38:29Z Dinesh Bolkensteyn Wrote:
The next step is to identify hard-coded regex that are vulnerable, against which externally-provided strings will be matched.


This should enable us to detect CVE-2015-2526, see \http://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html


With both of these rules, we'll have full coverage of the ReDoS attack.
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`=== Related: RSPEC-4784`

			`=== Supercedes: RSPEC-4784`

			`=== On 2018-05-04T11:38:29Z Dinesh Bolkensteyn Wrote:`
			`The next step is to identify hard-coded regex that are vulnerable, against which externally-provided strings will be matched.`


			`This should enable us to detect CVE-2015-2526, see \http://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html`


			`With both of these rules, we'll have full coverage of the ReDoS attack.`