GHSA-hx7h-9vf7-5xhg: Uptime Kuma's Regular Expression in pushdeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
There is a ReDoS vulnerability risk in the system, specifically when administrators create notifications through the web service (pushdeer and whapi). If a string is provided that triggers catastrophic backtracking in the regular expression, it may lead to a ReDoS attack.
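The catastrophic-backtracking mechanism the advisory describes, as an added example that is not Uptime Kuma's code: a constructed nested-quantifier pattern (not the actual pushdeer or whapi regex) beside a linear-time rewrite, with a timing harness and a length-cap guard. `NESTED_QUANTIFIER_RE`, `LINEAR_RE`, `worstCaseInput` and `boundedTest` are hypothetical names chosen for this illustration.

```javascript
// Added example, not Uptime Kuma's code: a constructed nested-quantifier pattern
// (the shape that backtracks catastrophically) next to a linear-time rewrite.

// Constructed vulnerable shape: \w+ inside a repeated group with an optional
// separator, so "aaaa...!" can be split 2^(n-1) ways before the match fails.
const NESTED_QUANTIFIER_RE = /^(\w+\s?)+$/;

// Linear rewrite: the separator between tokens is mandatory, so every
// character can be consumed in exactly one way; the final \s? keeps the
// original's acceptance of one trailing whitespace character.
const LINEAR_RE = /^\w+(\s\w+)*\s?$/;

// Worst-case input: a long word run that matches right up to the last char.
function worstCaseInput(n) {
  return "a".repeat(n) + "!";
}

// Time a single test() call; returns the verdict and elapsed milliseconds.
function timedTest(re, input) {
  const start = performance.now();
  const matched = re.test(input);
  return { matched, ms: performance.now() - start };
}

// Pattern-independent mitigation (hypothetical helper): cap the length of
// untrusted input before it reaches the regex engine at all.
function boundedTest(re, input, maxLen = 256) {
  if (typeof input !== "string" || input.length > maxLen) {
    return false;
  }
  return re.test(input);
}

// Regression check: both patterns must agree on ordinary inputs.
function agreeOn(samples) {
  return samples.every((s) => NESTED_QUANTIFIER_RE.test(s) === LINEAR_RE.test(s));
}

function demo() {
  const samples = ["hello world", "one two three", "", "a  b", "tab\tsep", "trail "];
  console.log("patterns agree on samples:", agreeOn(samples));
  for (const n of [14, 18, 22]) {
    const slow = timedTest(NESTED_QUANTIFIER_RE, worstCaseInput(n));
    const fast = timedTest(LINEAR_RE, worstCaseInput(n));
    console.log(`n=${n}: nested ${slow.ms.toFixed(1)} ms, linear ${fast.ms.toFixed(3)} ms`);
  }
  console.log("10k chars, bounded:", boundedTest(NESTED_QUANTIFIER_RE, worstCaseInput(10000)));
}
demo();
```

Each step of four in `n` multiplies the nested pattern's time by roughly sixteen while the linear rewrite stays flat, which is the growth curve to look for when reviewing any regex that is fed user-controlled notification text.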
References
- gist.github.com/ShiyuBanzhou/26c918f93b07f5ce90e8f7000d29c7a0
- gist.github.com/ShiyuBanzhou/bf4cee61603e152c114fa8c4791f9f28
- github.com/advisories/GHSA-hx7h-9vf7-5xhg
- github.com/louislam/uptime-kuma
- github.com/louislam/uptime-kuma/pull/5573
- github.com/louislam/uptime-kuma/security/advisories/GHSA-hx7h-9vf7-5xhg