Headline
CVE-2021-37262: [SECURITY] Denial of service because of unsafe regex processing · Issue #23 · jflyfox/jfinal_cms
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
I have tried to contact you by [email protected] and created #22 asking for the contact. Nobody replied.
The JFinal_cms is vulnerable to regex injection that may lead to Denial of Service.
User controlled path and contextPath are used to build and run a regex expression (first argument to replaceFirst):
protected String getFilePath() {
String path = this.get.get(“path”);
return getFilePath(path);
}
/**
* get File Path
* <p>
* 2016年2月26日 下午3:47:37 flyfox [email protected]
*
* @return
*/
protected String getFilePath(String path) {
String contextPath = this.get.get(“contextPath”);
// 根目录
if (StrUtils.isEmpty(contextPath)) {
return path;
}
if (path.startsWith(contextPath)) {
path = path.replaceFirst(contextPath, “”);
Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side.