const regex = /##\s(.)*?\\n/gm;
// Alternative syntax using RegExp constructor
// const regex = new RegExp('##\\s(.)*?\\\\n', 'gm')
const str = `## Overview\\nAffected versions of [deep-extend](https://www.npmjs.com/package/deep-extend) are vulnerable to Prototype Pollution. Utilities function in all the listed modules can be tricked into modifying the prototype of \\"Object\\" when the attacker control part of the structure passed to these function. This can let an attacker add or modify existing property that will exist on all object.\\n\\n## PoC by HoLyVieR\\n\`\`\`js\\nvar merge = require('deep-extend');\\nvar malicious_payload = '{\\"__proto__\\":{\\"oops\\":\\"It works !\\"}}';\\n\\nvar a = {};\\nconsole.log(\\"Before : \\" + a.oops);\\nmerge({}, JSON.parse(malicious_payload));\\nconsole.log(\\"After : \\" + a.oops);\\n\`\`\`\\n\\n## Remediation\\nUpgrade \`deep-extend\` to version 0.5.1 or higher.\\n\\n## References\\n- [HackerOne Report](https://hackerone.com/reports/311333)\\n- [GitHub Commit](https://github.com/unclechu/node-deep-extend/commit/433ee51ed606f4e1867ece57b6ff5a47bebb492f)\\n- [GitHub PR](https://github.com/unclechu/node-deep-extend/pull/40)\\n- [GitHub Issue](https://github.com/unclechu/node-deep-extend/issues/39)`;
// Reset `lastIndex` if this regex is defined globally
// regex.lastIndex = 0;
let m;
while ((m = regex.exec(str)) !== null) {
// This is necessary to avoid infinite loops with zero-width matches
if (m.index === regex.lastIndex) {
regex.lastIndex++;
}
// The result can be accessed through the `m`-variable.
m.forEach((match, groupIndex) => {
console.log(`Found match, group ${groupIndex}: ${match}`);
});
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for JavaScript, please visit: https://developer.mozilla.org/en/docs/Web/JavaScript/Guide/Regular_Expressions