DEV Community

Discussion on: JavaScript/Node Best Practices

Niraj Kumar

Here is an explanation:

ReDoS stands for Regular Expression Denial of Service. The ReDoS is an algorithmic complexity attack that produces a denial of service by providing a regular expression that takes a very long time to evaluate. The attack exploits the fact that most regular expression implementations have exponential time worst case complexity, so for larger input strings (the ‘evil regex’) the time taken by a regex engine to find a match increases exponentially.
geeksforgeeks.org/understanding-re...

Here is another:

A flawed Regular Expression pattern can be attacked in a manner where a provided user input for text to match will require an outstanding amount of CPU cycles to process the RegEx execution.
Such an attack will render a Node.js or JavaScript application unresponsive, and thus is referred to as a ReDoS — Regular Expression Denial of Service.
medium.com/@liran.tal/node-js-pitf...
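
The exponential growth described in the comment above, as an added example that is not part of the original thread: a small backtracking matcher for the constructed pattern `^(a+)+$` counts the attempts a non-matching input costs, next to an equivalent pattern without the nested quantifier and a length cap applied before matching. The patterns, function names and `MAX_LEN` are assumptions chosen for illustration.

```javascript
// Added example: constructed patterns and inputs, not taken from the thread.
const VULNERABLE = /^(a+)+$/; // nested quantifier: many ways to split a run of 'a'
const HARDENED = /^a+$/;      // accepts the same strings, only one way to match

// Minimal backtracking matcher for ^(a+)+$ that counts every attempt at the
// inner a+ group, so the cost is measured in steps rather than wall-clock time.
function countAttempts(input) {
  let attempts = 0;
  function group(pos) {
    let end = pos;
    while (end < input.length && input[end] === 'a') end++;
    // Greedy: try the longest inner a+ first, then give back one char at a time.
    for (let stop = end; stop > pos; stop--) {
      attempts++;
      if (stop === input.length) return true; // `$` matches here
      if (group(stop)) return true;           // next iteration of the outer +
    }
    return false; // every split failed, the caller backtracks
  }
  const matched = group(0);
  return { matched, attempts };
}

// Mitigation: cap the input length, then use the unambiguous pattern.
const MAX_LEN = 256; // assumed limit for this hypothetical field
function validate(input) {
  return typeof input === 'string' &&
    input.length <= MAX_LEN &&
    HARDENED.test(input);
}

// Constructed inputs: a run of 'a' followed by one character that forces failure.
for (const n of [5, 10, 15, 20]) {
  const { attempts } = countAttempts('a'.repeat(n) + '!');
  console.log(`n=${n} attempts=${attempts}`);
}
```

Each extra `a` before the `!` roughly doubles `attempts`, while the hardened pattern's cost grows linearly with the input length.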

steevn

Thank you.
Holy

Niraj Kumar

You're welcome :-)