CS Money: ReDoS at wiki.cs.money graphQL endpoint (AND probably a kind of command injection)
Summary: The endpoint /graphql has a vulnerable query operation named "search", that can I send a Regex malformed parameter, in order to trick the original regular expression to a regex bomb expression. + Payload with a "common" search, querying the value "AAA": query a searchq: "AAA", lang: "en"...