| Field | Value |
|---|---|
| Title | Enderfga claw-orchestrator v2.7.0-v3.7.0 Inefficient Regular Expression Complexity |
| Description | The /session/grep endpoint accepts user-controlled regex patterns and only validates their syntax via validateRegex(), without any detection of catastrophic-backtracking (ReDoS) patterns. Malicious regex patterns can trigger exponential backtracking during session search, blocking the Node.js event loop and causing a full server denial of service (DoS). All client requests share the same event loop, so a single malicious request can make the server unresponsive to all users. More details: https://github.com/Enderfga/claw-orchestrator/issues/64 |
| Source | https://github.com/Enderfga/claw-orchestrator/issues/64 |
| User | ybdesire (UID 83239) |
| Submission | 12.05.2026 03:14 (27 days ago) |
| Moderation | 31.05.2026 19:43 (20 days later) |
| Status | Accepted |
| VulDB Entry | 367584 [Enderfga claw-orchestrator up to 3.7.0 Session Grep Endpoint embedded-server.ts validateRegex body.pattern Denial of Service] |
| Points | 20 |
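The description above faults a `validateRegex()` that checks syntax only. As an added example (not code from claw-orchestrator), this is a hardened validator that also caps pattern length and rejects quantified groups that contain another quantifier, the shape behind catastrophic backtracking; `MAX_PATTERN_LENGTH`, `RegexCheck` and the helper names are assumptions.

```typescript
// Hardened validateRegex(): hypothetical replacement, not the project's code.
// Besides compiling the pattern, it enforces a length cap and statically
// rejects nested quantifiers such as (a+)+ or (\d*)* before any session
// text is searched, so the event loop is never handed an exponential pattern.
const MAX_PATTERN_LENGTH = 200; // assumed limit; tune per deployment

type RegexCheck = { ok: true; regex: RegExp } | { ok: false; reason: string };

function isQuantifierAt(pattern: string, i: number): boolean {
  const c = pattern[i];
  return c === "*" || c === "+" || c === "?" || c === "{";
}

// True if any quantified group itself contains a quantifier.
// Escapes and character classes are skipped so "[(+]" is not misread.
function hasNestedQuantifier(pattern: string): boolean {
  const stack: boolean[] = []; // per open group: quantifier seen inside?
  let inClass = false;
  for (let i = 0; i < pattern.length; i++) {
    const c = pattern[i];
    if (c === "\\") { i++; continue; }               // escaped character
    if (inClass) { if (c === "]") inClass = false; continue; }
    if (c === "[") { inClass = true; continue; }
    if (c === "(") {
      stack.push(false);
      if (pattern[i + 1] === "?") i += 2;            // skip (?:, (?=, (?!, (?<
      continue;
    }
    if (c === ")") {
      const inner = stack.pop() === true;
      const quantified = isQuantifierAt(pattern, i + 1);
      if (inner && quantified) return true;          // e.g. (a+)+
      // a quantified or quantifier-containing group counts for its parent
      if (stack.length && (inner || quantified)) stack[stack.length - 1] = true;
      continue;
    }
    if (isQuantifierAt(pattern, i) && stack.length) stack[stack.length - 1] = true;
  }
  return false;
}

function validateRegex(pattern: string): RegexCheck {
  if (pattern.length > MAX_PATTERN_LENGTH) return { ok: false, reason: "pattern too long" };
  let regex: RegExp;
  try { regex = new RegExp(pattern); } catch { return { ok: false, reason: "invalid syntax" }; }
  if (hasNestedQuantifier(pattern)) return { ok: false, reason: "nested quantifier" };
  return { ok: true, regex };
}
```

The static check is a conservative heuristic and does not catch every slow pattern (overlapping alternations inside a quantified group, for instance), so running the search in a worker with a time limit remains the complementary control.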