Why Can ReDoS Do a Lot of Damage to JS Web Servers?
Two researchers from the University of Darmstadt, Germany, Cristian Alexandru Staicu and Michael Pradel, found 25 previously unknown vulnerabilities in Node.js modules.
The exploit packages may cause vulnerable systems to freeze for a number of minutes while the server tries to match the sent payload against the pattern in a regular expression in order to decide what to do with it.
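The freeze comes from backtracking in the regex engine, and because Node.js runs JavaScript on a single thread, no other request is served while one match is running. The following is an added illustration, not code from the researchers or from any affected library: the two patterns, the sample inputs and the MAX_LEN limit are constructed assumptions, showing a pattern with a nested quantifier beside an equivalent linear one and a length-capped validator.

```javascript
// Constructed patterns for illustration; not taken from any library in the study.
// Both accept exactly the strings made of one or more 'a' characters.
const VULNERABLE = /^(a+)+$/; // nested quantifier: backtracks exponentially on a near-miss
const LINEAR = /^a+$/;        // same language, single quantifier

const MAX_LEN = 64; // assumed application limit for this input field

// Near-miss input: n valid characters, then one that forces the match to fail.
function nearMiss(n) {
  return 'a'.repeat(n) + '!';
}

// Run one match and report the result and the wall-clock time in milliseconds.
function timeMatch(re, input) {
  const start = performance.now();
  const matched = re.test(input);
  return { matched, ms: performance.now() - start };
}

// Hardened validator: reject over-length input before any regex runs,
// then match with the pattern that has no nested quantifier.
function isValid(input) {
  if (typeof input !== 'string' || input.length > MAX_LEN) return false;
  return LINEAR.test(input);
}

// Time both patterns on near-miss inputs of growing length.
function compare(sizes) {
  return sizes.map((n) => ({
    n,
    vulnerableMs: timeMatch(VULNERABLE, nearMiss(n)).ms,
    linearMs: timeMatch(LINEAR, nearMiss(n)).ms,
  }));
}

// Each extra character roughly doubles the vulnerable pattern's time.
console.table(compare([12, 16, 20]));
```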
How many libraries were affected?
The researchers scanned 2,846 popular Node.js libraries; over 300 of them were found to contain ReDoS vulnerabilities.