Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security] Regular expression injection #1783

Open
Dimfacion opened this issue Oct 30, 2024 · 1 comment · Fixed by #2137
Open

[security] Regular expression injection #1783

Dimfacion opened this issue Oct 30, 2024 · 1 comment · Fixed by #2137
Labels
bug use for describing something not working as expected security use to identify issue related to security
Milestone
Bugs backlog

Comments

@Dimfacion
Copy link
Member

Description

Unsanitized input from the request URL flows into java.util.regex.Pattern.compile, where it is used in a regular expression. This may result in a Regular Expression Injection vulnerability which could lead to a Denial of Service attack.

Concerned files on 1.8.0 :
openbas-api/src/main/java/io/openbas/rest/challenge/ChallengeApi.java:126

‎openbas-api/src/main/java/io/openbas/rest/challenge/ChallengeApi.java:139
@Dimfacion Dimfacion added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team security use to identify issue related to security and removed needs triage use to identify issue needing triage from Filigran Product team labels Oct 30, 2024
@EllynBsc EllynBsc added this to the Bugs backlog milestone Oct 30, 2024
@RomuDeuxfois RomuDeuxfois mentioned this issue Dec 30, 2024
Merged
@RomuDeuxfois RomuDeuxfois self-assigned this Dec 30, 2024
RomuDeuxfois added a commit that referenced this issue Dec 31, 2024
@RomuDeuxfois
[backend] Fix Regular expression injection (#1783)
15c39f3
@RomuDeuxfois RomuDeuxfois added the solved The issue has been solved label Dec 31, 2024
@RomuDeuxfois RomuDeuxfois reopened this Jan 15, 2025
@RomuDeuxfois
Copy link
Member

Need to find a better way to be handled in Snyk side

@RomuDeuxfois RomuDeuxfois removed the solved The issue has been solved label Jan 15, 2025
@RomuDeuxfois RomuDeuxfois removed their assignment Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug use for describing something not working as expected security use to identify issue related to security
Projects
None yet
Milestone
Bugs backlog
Development

Successfully merging a pull request may close this issue.

[backend] Fix Regular expression injection OpenBAS-Platform/openbas
3 participants
@Dimfacion @EllynBsc @RomuDeuxfois