PT-2021-20214 · Roller · Roller

Ed Ra · Published 2021-08-18 · Updated 2021-08-26

CVE-2021-33580

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Roller versions prior to 6.0.2

Description: The issue arises from the user-controlled inputs request.getHeader("Referer"), request.getRequestURL(), and request.getQueryString() being used to build and execute a regular expression. An attacker can send a specially crafted Referer header programmatically, without needing a browser, and potentially cause a ReDoS (Regular expression Denial of Service) through catastrophic regex backtracking on the server side.

Recommendations: For versions prior to 6.0.2, update to Roller 6.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable regex functionality until the update can be applied. Avoid using the request.getHeader("Referer"), request.getRequestURL(), and request.getQueryString() inputs in the affected regular expression until the issue is resolved.
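As an added illustration (not Roller's code; the advisory does not reproduce the affected source), the defect class and its remedy side by side: an untrusted request value spliced into a regex as-is, versus the same value length-bounded and passed through Pattern.quote so the engine only ever sees a literal. The class and method names, the length bound and the constructed Referer values are assumptions.

```java
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

/** Added example, not Roller's code. The untrusted request values named in the
 *  advisory are passed in as plain strings; no servlet API is used. */
public final class RefererRegexCheck {

    /** Assumed upper bound on an untrusted value before it may reach the regex engine. */
    static final int MAX_INPUT_LEN = 2048;

    /** Vulnerable shape: the header is concatenated into the pattern unchanged, so any
     *  regex metacharacters it carries become pattern syntax instead of literal text. */
    static boolean unsafeContains(String untrusted, String subject) {
        return Pattern.compile(".*" + untrusted + ".*").matcher(subject).matches();
    }

    /** Hardened shape: reject oversized input, then quote the value (\Q...\E) so the
     *  compiled pattern is a literal substring match and cannot backtrack catastrophically. */
    static boolean safeContains(String untrusted, String subject) {
        if (untrusted == null || subject == null || untrusted.length() > MAX_INPUT_LEN) {
            return false;
        }
        Pattern p = Pattern.compile(".*" + Pattern.quote(untrusted) + ".*", Pattern.DOTALL);
        return p.matcher(subject).matches();
    }

    public static void main(String[] args) {
        // Constructed values: a site URL and a Referer carrying regex metacharacters.
        String site = "https://blog.example.test/roller/";
        String referer = site + "(entry)";

        // Unsafe: "(entry)" is read as a group, so the header "matches" a URL it does
        // not actually contain, and fails against the URL it literally equals.
        System.out.println("unsafe vs entry   : " + unsafeContains(referer, site + "entry"));   // true
        System.out.println("unsafe vs (entry) : " + unsafeContains(referer, site + "(entry)")); // false

        // Safe: the quoted header behaves as plain text in both cases.
        System.out.println("safe   vs entry   : " + safeContains(referer, site + "entry"));   // false
        System.out.println("safe   vs (entry) : " + safeContains(referer, site + "(entry)")); // true

        // An unbalanced metacharacter in the header breaks the unsafe builder outright.
        try {
            unsafeContains(site + "(", site);
        } catch (PatternSyntaxException e) {
            System.out.println("unsafe: header parsed as regex syntax: " + e.getDescription());
        }
    }
}
```

When the check really is "does the URL contain this header value", String.contains needs no regex engine at all and is the simplest fix.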

Weakness Enumeration

Resource Exhaustion
