By DeepSource

Usage of DoS vulnerable version of regex crate RS-S1015

Security cwe-1333

The regex Rust library prior to version 1.5.5 is vulnerable to regular expression denial of service (ReDoS) attacks. Ensure that you use version 1.5.5 or above in Cargo.toml dependencies for regex.

ReDoS is a vulnerability in which certain inputs can hang the parser indefinitely, causing a denial of service.

Bad practice

regex = "<=1.5.4"

This issue is only raised if the regex crate version is 1.5.4 or lower.


Recommended

regex = ">=1.5.5"
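A version requirement in Cargo.toml is a range, so the version that is actually built is the one recorded in Cargo.lock. The following added example (not DeepSource's implementation; the function names and the sample lockfile are constructed for illustration) scans lockfile text for a locked `regex` package older than 1.5.5.

```rust
/// First fixed release named on this page.
const FIXED: (u64, u64, u64) = (1, 5, 5);

/// Constructed sample lockfile content (not from a real project).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "regex"
version = "1.5.4"

[[package]]
name = "regex-syntax"
version = "0.6.25"
"#;

/// Parse "MAJOR.MINOR.PATCH"; any pre-release or build suffix is ignored.
fn parse_version(s: &str) -> Option<(u64, u64, u64)> {
    let core = s.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// Extract the quoted value from a `key = "value"` line.
fn value_of<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Return the locked version of every `regex` package older than FIXED.
fn vulnerable_regex_versions(lock: &str) -> Vec<String> {
    let mut found = Vec::new();
    let mut in_regex = false;
    for line in lock.lines().map(str::trim) {
        if line.starts_with('[') {
            in_regex = false; // a new table starts; forget the previous package
        } else if let Some(v) = value_of(line, "name") {
            in_regex = v == "regex"; // exact match, so regex-syntax is skipped
        } else if let Some(v) = value_of(line, "version") {
            // A version that cannot be parsed is reported rather than trusted.
            if in_regex && parse_version(v).map_or(true, |p| p < FIXED) {
                found.push(v.to_string());
            }
        }
    }
    found
}

fn main() {
    println!("vulnerable regex versions locked: {:?}", vulnerable_regex_versions(SAMPLE_LOCK));
}
```

If a version is reported, `cargo update -p regex` moves the lockfile to the newest release the Cargo.toml requirement allows.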