Mjambon

#37145de 53,634
7.5 CVSS total
Vulnerabilities · 1

PT-2023-24006
CVSS 7.5
2023-05-15
Unknown · Giturlparse · CVE-2023-32758
**Name of the Vulnerable Software and Affected Versions**

giturlparse versions through 1.2.2; Semgrep versions 1.5.2 through 1.24.1.

**Description**

The issue is a ReDoS (Regular Expression Denial of Service) in giturlparse when parsing untrusted URLs (CVE-2023-32758). This is relevant to Semgrep because it uses giturlparse: if Semgrep analyzes an untrusted package whose author placed a ReDoS payload in a URL used by that package, parsing the URL can consume excessive CPU time and stall the analysis.

**Recommendations**

For giturlparse versions through 1.2.2, update to a version that fixes the ReDoS vulnerability. For Semgrep versions 1.5.2 through 1.24.1, update to a version that depends on a fixed version of giturlparse. As a temporary workaround, consider restricting the analysis of untrusted packages in Semgrep until a patch is applied.