Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement interface to use Email::Address #35

Open
KES777 opened this issue Dec 10, 2016 · 2 comments
Open

Implement interface to use Email::Address #35

KES777 opened this issue Dec 10, 2016 · 2 comments

Comments

@KES777
Copy link

KES777 commented Dec 10, 2016

Why to not use fastest module Email::Address?
@pali
Copy link

pali commented Feb 18, 2017

Why to not use? Because of CVE-2015-7686 (Algorithmic complexity vulnerability):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7686

Do not use Email::Address for parsing untrusted input.

@pali
Copy link

pali commented Jul 12, 2017

And Email::Address is not fast. Included benchmark execute repeated same patterns without disabling Email::Address cache. Which means that Email::Address looks-like fast, but only for case when it has parsed input string already in cache.

Anyway, you can use Email::Address::XS which is aims to be correct, fast and without exponential time complexity in worst case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@KES777 @pali