On 9 May 2017 at 13:12, Ævar Arnfjörð Bjarmason <ava...@gmail.com> wrote: > On Tue, May 9, 2017 at 2:37 AM, brian m. carlson > <sand...@crustytoothpaste.net> wrote: >> On Tue, May 09, 2017 at 02:00:18AM +0200, Ævar Arnfjörð Bjarmason wrote: > * gitweb is vulnerable to CPU DoS now in its default configuration. > It's easy to provide an ERE that ends up slurping up 100% CPU for > several seconds on any non-trivial sized repo, do that in parallel & > you have a DoS vector.
Does one need an ERE? Can't one do that now to many parts of git just with a glob? Yves
