PT-2023-29703 · Unknown+1 · Python-Validators+1

Ikkebr · Published 2023-10-18 · Updated 2023-10-30 · CVE-2023-45813

CVSS v3.1: 4.6 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Torbot versions prior to 4.0.0

Description

The issue concerns the torbot.modules.validators.validate_link function, which uses the python-validators URL validation regex. This regular expression has exponential complexity, so an attacker can pass a well-crafted URL argument that crashes the application, causing a Denial of Service on the system.

Recommendations

Users of versions prior to 4.0.0 are advised to upgrade to version 4.0.0 or later; the validators file has been removed in this version, which resolves the issue. As a temporary workaround, consider disabling the torbot.modules.validators.validate_link function until a patch is available.
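Where upgrading is not yet possible and link validation cannot simply be switched off, the check can be done without a backtracking regex. The sketch below is an added example, not code from Torbot or python-validators; the names validate_link_bounded, MAX_URL_LENGTH and ALLOWED_SCHEMES and the 2048-character cap are assumptions. Every step is a single pass over a length-capped string, so validation time stays linear in the input size.

```python
import ipaddress
from urllib.parse import urlsplit

MAX_URL_LENGTH = 2048               # assumed cap; tune for the deployment
ALLOWED_SCHEMES = {"http", "https"}  # assumed policy for crawled links


def _valid_label(label):
    # One DNS label: 1-63 chars, ASCII letters/digits/hyphen, no edge hyphen.
    return (0 < len(label) <= 63
            and label[0] != "-" and label[-1] != "-"
            and all(c.isascii() and (c.isalnum() or c == "-") for c in label))


def _valid_host(host):
    try:
        ipaddress.ip_address(host)   # accepts IPv4 and IPv6 literals
        return True
    except ValueError:
        pass
    if len(host) > 253:
        return False
    # A single trailing dot (fully qualified name) is tolerated.
    return all(_valid_label(l) for l in host.rstrip(".").split("."))


def validate_link_bounded(link):
    """Return True for a well-formed http(s) URL, using no regular expression."""
    # Reject oversized input before any parsing work is done.
    if not isinstance(link, str) or not link or len(link) > MAX_URL_LENGTH:
        return False
    # Whitespace and control characters never belong in a URL.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in link):
        return False
    try:
        parts = urlsplit(link)
        host = parts.hostname
        parts.port                   # property access raises ValueError if invalid
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False
    return _valid_host(host)
```

Single-label hosts such as localhost are accepted by this sketch; add a dot requirement in _valid_host if the deployment should reject them.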

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2023-45813
GHSA-72QW-P7HH-M3FF

Affected Products

Torbot
Python-Validators