use strict;
my $str = '## Overview\\nAffected versions of [deep-extend](https://www.npmjs.com/package/deep-extend) are vulnerable to Prototype Pollution. Utilities function in all the listed modules can be tricked into modifying the prototype of \\"Object\\" when the attacker control part of the structure passed to these function. This can let an attacker add or modify existing property that will exist on all object.\\n\\n## PoC by HoLyVieR\\n```js\\nvar merge = require(\'deep-extend\');\\nvar malicious_payload = \'{\\"__proto__\\":{\\"oops\\":\\"It works !\\"}}\';\\n\\nvar a = {};\\nconsole.log(\\"Before : \\" + a.oops);\\nmerge({}, JSON.parse(malicious_payload));\\nconsole.log(\\"After : \\" + a.oops);\\n```\\n\\n## Remediation\\nUpgrade `deep-extend` to version 0.5.1 or higher.\\n\\n## References\\n- [HackerOne Report](https://hackerone.com/reports/311333)\\n- [GitHub Commit](https://github.com/unclechu/node-deep-extend/commit/433ee51ed606f4e1867ece57b6ff5a47bebb492f)\\n- [GitHub PR](https://github.com/unclechu/node-deep-extend/pull/40)\\n- [GitHub Issue](https://github.com/unclechu/node-deep-extend/issues/39)';
my $regex = qr/##\s(.)*?\\n/mp;
if ( $str =~ /$regex/g ) {
print "Whole match is ${^MATCH} and its start/end positions can be obtained via \$-[0] and \$+[0]\n";
# print "Capture Group 1 is $1 and its start/end positions can be obtained via \$-[1] and \$+[1]\n";
# print "Capture Group 2 is $2 ... and so on\n";
}
# ${^POSTMATCH} and ${^PREMATCH} are also available with the use of '/p'
# Named capture groups can be called via $+{name}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Perl, please visit: http://perldoc.perl.org/perlre.html