
Salvatore-Abello

Rank #18118 of 53,635 · Total CVSS: 15
Vulnerabilities: 2 (High: 2)
PT-2025-2733 · CVSS 7.5 · 2025-01-07 · CTFd · CTFd · CVE-2024-46242
**Name of the Vulnerable Software and Affected Versions** CTFd version 3.7.3 **Description** The `validate_email` function in `CTFd/utils/validators/__init__.py` is vulnerable to Regular expression Denial of Service (ReDoS): an attacker who supplies a crafted string as the email address during registration can make the validating regular expression backtrack for an excessive amount of time, tying up the worker that handles the request and denying service to other users. **Recommendations** For CTFd version 3.7.3, until a patched version is available: consider disabling the `validate_email` function; restrict access to the registration functionality to reduce exposure to ReDoS attacks; avoid passing the untrusted `email` value to the affected registration endpoint until the issue is resolved.
PT-2024-21182 · CVSS 7.5 · 2024-10-08 · xhtml2pdf · xhtml2pdf · CVE-2024-25885
**Name of the Vulnerable Software and Affected Versions** xhtml2pdf version 0.2.13 **Description** The `getcolor` function in `utils.py` is vulnerable to Regular expression Denial of Service (ReDoS): supplying a crafted string as the colour value makes the regular expression backtrack excessively, so an attacker who controls input to the HTML-to-PDF conversion can exhaust CPU time and deny service. **Recommendations** For xhtml2pdf version 0.2.13, until a patched version is available, consider disabling the `getcolor` function in `utils.py` to prevent ReDoS attacks, and restrict and bound the input that reaches `getcolor` (for example, reject untrusted or over-long colour strings before they are parsed) to minimize the risk of exploitation.
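Both entries above describe the same bug class: a regular expression with nested quantifiers that backtracks exponentially on a crafted string. The following Python example is added here and is not code from CTFd, xhtml2pdf or the original advisories; the vulnerable and hardened patterns, the `MAX_EMAIL_LEN` cap, and the `crafted_payload` input are constructed for illustration only and do not reproduce either project's actual regex. It shows how matching time grows with the length of the crafted input, and the two controls a practitioner applies while waiting for a patch: an input length bound in front of the regex, and a pattern without nested quantifiers.

```python
import re
import time

# Constructed illustrative pattern with a nested quantifier. Assumption: this is
# NOT the regex used by CTFd or xhtml2pdf; it only reproduces the bug class.
# "([a-zA-Z0-9]+\.?)+" can split a run of letters into exponentially many
# groupings, and a backtracking engine tries every one before it can fail.
VULNERABLE_EMAIL_RE = re.compile(r"^([a-zA-Z0-9]+\.?)+@[a-zA-Z0-9]+\.[a-zA-Z]+$")

# Hardened pattern (also constructed): no quantifier is nested inside another,
# and each quantified class is followed by a literal it cannot consume ('@', '.'),
# so the engine has at most one way to split the input and work stays linear.
SAFE_EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# RFC 5321 limits a mailbox path to 254 octets; it doubles as a cheap bound on
# how much regex work any single request can cause.
MAX_EMAIL_LEN = 254


def is_valid_email_unsafe(address: str) -> bool:
    """Vulnerable form: the regex alone decides, with no size bound."""
    return VULNERABLE_EMAIL_RE.fullmatch(address) is not None


def is_valid_email_safe(address: str) -> bool:
    """Hardened form: reject oversized input before the regex runs, then use
    a pattern without nested quantifiers."""
    if len(address) > MAX_EMAIL_LEN:
        return False
    return SAFE_EMAIL_RE.fullmatch(address) is not None


def crafted_payload(n: int) -> str:
    """Constructed ReDoS input: n word characters and no '@', so the vulnerable
    regex must exhaust every grouping of the run before it can fail."""
    return "a" * n + "!"


def time_check(fn, address: str) -> float:
    """Seconds spent in fn(address); used to show the growth curve."""
    start = time.perf_counter()
    fn(address)
    return time.perf_counter() - start


if __name__ == "__main__":
    print("valid address:",
          is_valid_email_unsafe("user@example.com"),
          is_valid_email_safe("user@example.com"))
    # Each extra character roughly doubles the vulnerable regex's work.
    for n in (12, 16, 20):
        payload = crafted_payload(n)
        print(f"n={n:2d}  unsafe {time_check(is_valid_email_unsafe, payload):8.4f}s"
              f"  safe {time_check(is_valid_email_safe, payload):8.6f}s")
    # The length cap stops a huge payload before any regex work happens.
    huge = crafted_payload(100_000)
    print("huge payload, safe:", is_valid_email_safe(huge),
          f"{time_check(is_valid_email_safe, huge):.6f}s")
```

Python's `re` module offers no matching timeout, so the length cap is the control that actually bounds CPU time; the rewritten pattern removes the exponential case but is still only a stand-in for the fixed release from each project. The same two controls apply to a colour parser such as `getcolor`: bound the string length before parsing and keep the pattern free of nested quantifiers.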