C2FO · fast-csv · CVE-2020-26256
**Name of the Vulnerable Software and Affected Versions**
fast-csv versions prior to 4.3.6
**Description**
The issue is a possible ReDoS (Regular Expression Denial of Service) vulnerability that can be exploited when the `ignoreEmpty` option is used while parsing. It was identified using a CodeQL query, which found the `EMPTY_ROW_REGEXP` regular expression to be vulnerable.
**Recommendations**
For fast-csv versions prior to 4.3.6, upgrade to version 4.3.6 or later to resolve the issue. As a temporary workaround, avoid the `ignoreEmpty` parsing option until the upgrade is applied.