[bugfix] Fix redos in preprocessRFC2822 regex (#6015)

* fix ReDoS in preprocessRFC2822 regex Fixes: [#2936](#6012) Disallow nested rfc2822 comments to prevent quadratic regex execution time (i.e each open bracket is considered at most twice).
moment · Jul 6, 2022 · 9a3b589 · 9a3b589
1 parent 6374fd8
commit 9a3b589
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/lib/create/from-string.js b/src/lib/create/from-string.js
@@ -151,7 +151,7 @@ function untruncateYear(yearStr) {
 function preprocessRFC2822(s) {
     // Remove comments and folding whitespace and replace multiple-spaces with a single space
     return s
-        .replace(/\([^)]*\)|[\n\t]/g, ' ')
+        .replace(/\([^()]*\)|[\n\t]/g, ' ')
         .replace(/(\s\s+)/g, ' ')
         .replace(/^\s\s*/, '')
         .replace(/\s\s*$/, '');