Created
February 14, 2024 22:36
Security issue inside urlite through version v.3.1.0
The regex defined on line 1 of https://github.com/alanclarke/urlite/blob/master/lib/pattern.js in the npm package "urlite"
(https://www.npmjs.com/package/urlite) is vulnerable to Regular Expression Denial of Service (ReDoS) when a long, maliciously crafted input is
passed to an application that parses a URL with it. When such a payload is provided to the parsing
function, the application hangs for an indefinite amount of time, causing a Denial of Service.
If more requests are sent using the same payload, the result can be a
Distributed Denial of Service, potentially rendering the service unavailable.

Payload that was used:

    var urlite = require('urlite')
    var payload = '//:' + '\t:\t'.repeat(90000) + '\t'
    // synchronous call: it does not return until the regex match finishes
    var parsed = urlite.parse(payload)

This causes a 17 second delay while the function processes the input.
The delay can be increased since there is no limit on the input length.
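
One way to mitigate the missing input-length limit noted above, as an added example that is not part of the original gist or the urlite project: a guard that rejects over-long or control-character input before it reaches the parser. MAX_URL_LENGTH (and its value), guardUrlInput, safeParse and standInParse are names assumed for this example.

```javascript
'use strict';

// Assumed limit for this example; choose one that fits the URLs your service accepts.
const MAX_URL_LENGTH = 2048;

// C0 control characters and DEL. A single character class has no nested
// quantifiers, so this test is linear in the (already capped) input length.
const CONTROL_CHARS = /[\u0000-\u001f\u007f]/;

// Decide whether an untrusted string may be handed to a regex-based URL parser.
function guardUrlInput(input, maxLength = MAX_URL_LENGTH) {
  if (typeof input !== 'string') return { ok: false, reason: 'not-a-string' };
  // Length first: the cost of the parser's regex grows with input size.
  if (input.length > maxLength) return { ok: false, reason: 'too-long' };
  if (CONTROL_CHARS.test(input)) return { ok: false, reason: 'control-char' };
  return { ok: true, reason: null };
}

// Wrap any parse function (for example urlite.parse) so that rejected input
// never reaches it.
function safeParse(parse, input, maxLength = MAX_URL_LENGTH) {
  const verdict = guardUrlInput(input, maxLength);
  if (!verdict.ok) throw new RangeError('URL rejected: ' + verdict.reason);
  return parse(input);
}

// Hypothetical stand-in parser so the example runs without urlite installed.
function standInParse(input) {
  return { href: input };
}

// Samples: the first is the payload from this write-up, the rest are constructed.
const SAMPLES = [
  '//:' + '\t:\t'.repeat(90000) + '\t',
  '//:\t:\t',
  'https://example.com/path?q=1',
];

function runSamples() {
  return SAMPLES.map((s) => guardUrlInput(s).reason);
}

console.log(runSamples()); // [ 'too-long', 'control-char', null ]
```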