| Field | Value |
|---|---|
| Title | Enderfga claw-orchestrator v2.7.0-v3.7.0 Inefficient Regular Expression Complexity |
| Description | The /session/grep endpoint accepts user-controlled regex patterns and only validates their syntax via validateRegex(), without any detection for catastrophic backtracking (ReDoS) patterns. Malicious regex patterns can trigger exponential backtracking during session search, blocking the Node.js event loop and causing a full server denial of service (DoS). All client requests share the same event loop, so a single malicious request can make the server unresponsive to all users. More details: https://github.com/Enderfga/claw-orchestrator/issues/64 |
| Source | ⚠️ https://github.com/Enderfga/claw-orchestrator/issues/64 |
| User | ybdesire (UID 83239) |
| Submission | 12/05/2026 03h14 (29 days ago) |
| Moderation | 31/05/2026 19h43 (20 days later) |
| Status | Accepted |
| VulDB Entry | 367584 [Enderfga claw-orchestrator up to 3.7.0 Session Grep Endpoint embedded-server.ts validateRegex body.pattern Denial of Service] |
| Points | 20 |