Skip to content

Instantly share code, notes, and snippets.

@6en6ar
Created February 14, 2024 22:36
Show Gist options
  • Save 6en6ar/c792d8337b63f095cbda907e834cb4ba to your computer and use it in GitHub Desktop.
Save 6en6ar/c792d8337b63f095cbda907e834cb4ba to your computer and use it in GitHub Desktop.
Security issue inside urlite through version v.3.1.0
A regex defined on line 1. inside https://github.com/alanclarke/urlite/blob/master/lib/pattern.js inside npm package "Urlite"
(https://www.npmjs.com/package/urlite) is found to be vulnerable to Regex Denial of Service when malicious input containing a long regex input is
provided to the application that parses a URL. When a malicious payload is provided to the parsing
function the application will hang for indefinite amount of time causing Denial of Service.
If more requests are sent using the same payload it can result in
Distributed Denial of service potentially rendering the service unavailable.
Payload that was used:
var payload ='//:' + '\t:\t'.repeat(90000)+ '\t'
var parsed = urlite.parse(payload)
This will cause 17 second delay for the function to process the input.
This can be increased since there is no limit on the input length
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment