From 3ffd0c0cf29caf73b76d1132af6796ebf42a3fed Mon Sep 17 00:00:00 2001 From: Swopnil Dangol Date: Tue, 26 Aug 2025 13:27:05 +0100 Subject: [PATCH 1/2] Updated the regex to prevent regex exploitation with strings starting with lot of (( --- packages/logger/src/formatter/LogFormatter.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/logger/src/formatter/LogFormatter.ts b/packages/logger/src/formatter/LogFormatter.ts index 89273f73d2..525be7fc82 100644 --- a/packages/logger/src/formatter/LogFormatter.ts +++ b/packages/logger/src/formatter/LogFormatter.ts @@ -162,7 +162,7 @@ abstract class LogFormatter { } const stackLines = stack.split('\n'); - const regex = /\(([^)]*?):(\d+?):(\d+?)\)\\?$/; + const regex = /\(([^())]*?):(\d+?):(\d+?)\)\\?$/; for (const item of stackLines) { const match = regex.exec(item); From 95f7a5a619eb21282573d8f1166438b6ba1c7fbd Mon Sep 17 00:00:00 2001 From: Swopnil Dangol Date: Tue, 26 Aug 2025 15:02:40 +0100 Subject: [PATCH 2/2] Removed a duplicate bracket in the regex --- packages/logger/src/formatter/LogFormatter.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/logger/src/formatter/LogFormatter.ts b/packages/logger/src/formatter/LogFormatter.ts index 525be7fc82..55bfe7088c 100644 --- a/packages/logger/src/formatter/LogFormatter.ts +++ b/packages/logger/src/formatter/LogFormatter.ts @@ -162,7 +162,7 @@ abstract class LogFormatter { } const stackLines = stack.split('\n'); - const regex = /\(([^())]*?):(\d+?):(\d+?)\)\\?$/; + const regex = /\(([^()]*?):(\d+?):(\d+?)\)\\?$/; for (const item of stackLines) { const match = regex.exec(item);