Safeguard
Tag

redos

Safeguard articles tagged "redos" — guides, analysis, and best practices for software supply chain and application security.

36 articles

Application Security

How catastrophic regex backtracking causes ReDoS — and how to stop it

A single bad regex took Cloudflare's global network to ~100% CPU for 27 minutes in 2019. Here's the backtracking mechanics behind ReDoS and how to rewrite unsafe patterns.

Jul 13, 20266 min read
Security Guides

ReDoS: Regular Expression Denial of Service in JavaScript

A single bad regex can freeze your entire Node.js event loop on one malicious request. Here is how catastrophic backtracking works, how to spot vulnerable patterns, and how to fix them without rewriting everything.

Jul 8, 20266 min read
Application Security

ReDoS in Python and FastAPI: how one regex takes down an event loop

CVE-2024-3772 let a single crafted email string trigger catastrophic backtracking in Pydantic's own validator — the exact code path every FastAPI request body runs through.

Jul 8, 20266 min read
Security Guides

semver (npm) Security Guide (2026)

semver is the version-parsing library at the heart of npm itself — and a single ReDoS CVE in its range parser turned this universal dependency into one of the most widely flagged advisories in the JavaScript ecosystem.

Jul 6, 20266 min read
Vulnerability Guides

What is ReDoS (Regular Expression Denial of Service)?

A single badly written regular expression can freeze an entire service under a short, crafted input. This is ReDoS — and it has taken down Cloudflare and Stack Overflow. Here's how to avoid it.

Jul 5, 20265 min read
Application Security

Regular Expression Denial of Service (ReDoS) explained

ReDoS turns a single crafted string into an exponential-time attack. Here's how catastrophic backtracking works, real CVEs, and how to detect it.

May 29, 20265 min read
Vulnerability Analysis

Regular expression DoS in the ms npm package

A ReDoS flaw in the ubiquitous npm package ms (CVE-2015-8315) still surfaces in dependency scans today. Here's the impact, fix, and remediation steps.

May 2, 20267 min read
Vulnerability Analysis

path-parse regular expression denial of service (CVE-2021-23343)

A ReDoS flaw in path-parse (CVE-2021-23343) lurks deep in webpack and resolve dependency trees. Here's the impact, timeline, and how to fix it.

Jan 3, 20267 min read
Vulnerability Analysis

browserslist ReDoS vulnerability (CVE-2021-23364)

A ReDoS flaw in browserslist (CVE-2021-23364) let crafted query strings stall builds across the JS ecosystem. Here's the full breakdown and fix.

Jan 3, 20267 min read
Vulnerability Analysis

ansi-regex ReDoS vulnerability (CVE-2021-3807)

CVE-2021-3807 is a ReDoS flaw in the widely-used ansi-regex npm package. Here's the impact, affected versions, CVSS/EPSS context, and how to fix it.

Jan 3, 20268 min read
Vulnerability Analysis

nth-check ReDoS vulnerability (CVE-2021-3803)

CVE-2021-3803 turned a niche CSS selector parser into an ecosystem-wide audit headache. Here's the real exploitability picture and how to fix it.

Jan 2, 20268 min read
Vulnerability Analysis

cross-spawn ReDoS vulnerability (CVE-2024-21538)

CVE-2024-21538 is a ReDoS flaw in the widely-used cross-spawn npm package. Learn the impact, CVSS/EPSS context, and how to remediate it.

Jan 1, 20267 min read
redos — Safeguard Blog