CVE-2024-46242

Name of the Vulnerable Software and Affected Versions: CTFd version 3.7.3

Description: The issue is related to the validate email function in CTFd/utils/validators/ init .py, which allows attackers to cause a Regular expression Denial of Service (ReDoS) by providing a crafted string as an email address during registration. This can lead to a denial of service.

Recommendations: For CTFd version 3.7.3, consider disabling the validate email function until a patch is available to prevent exploitation. Restrict access to the registration functionality to minimize the risk of ReDoS attacks. Avoid using the email variable in the affected registration endpoint until the issue is resolved.