| शीर्षक | Enderfga claw-orchestrator v2.7.0-v3.7.0 Inefficient Regular Expression Complexity |
|---|
| विवरण | The /session/grep endpoint accepts user-controlled regex patterns and only validates their syntax via validateRegex(), without any detection for catastrophic backtracking (ReDoS) patterns. Malicious regex patterns can trigger exponential backtracking during session search, blocking the Node.js event loop and causing a full server denial of service (DoS). All client requests share the same event loop, so a single malicious request can make the server unresponsive to all users.
More details: https://github.com/Enderfga/claw-orchestrator/issues/64 |
|---|
| स्रोत | ⚠️ https://github.com/Enderfga/claw-orchestrator/issues/64 |
|---|
| उपयोगकर्ता | ybdesire (UID 83239) |
|---|
| सबमिशन | 12/05/2026 03:14 AM (25 दिन पहले) |
|---|
| संयम | 31/05/2026 07:43 PM (20 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367584 [Enderfga claw-orchestrator तक 3.7.0 Session Grep Endpoint embedded-server.ts validateRegex body.pattern सेवा अस्वीकार] |
|---|
| अंक | 20 |
|---|