Tokyo-Stack

**Name of the Vulnerable Software and Affected Versions** Flag Forge versions 2.3.2 and below **Description** Flag Forge is a Capture The Flag (CTF) platform susceptible to a Regular Expression Denial of Service (ReDoS) condition. The issue resides in the user profile API endpoint, `/api/user/[username]`. The application dynamically builds a regular expression using unescaped user input, specifically the `username` parameter. An attacker can exploit this by providing a specially crafted username containing regex meta-characters, such as deeply nested groups or quantifiers. This manipulation causes the MongoDB regex engine to consume excessive CPU resources, potentially leading to a Denial of Service for other users. **Recommendations** Versions prior to 2.3.3 should be updated to version 2.3.3 or later. Implement a Web Application Firewall (WAF) rule to block requests containing regex meta-characters in the URL path.