2 matches found
CVE-2021-33580
User controlled request.getHeader"Referer", request.getRequestURL and request.getQueryString are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the...
CVE-2021-33580 regex injection leading to DoS
User controlled request.getHeader"Referer", request.getRequestURL and request.getQueryString are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the...