Open nullify-infotrack[bot] opened 6 months ago
/nullify fix this vuln 01HTEAR31QTNFP74BRNKTEQV26 test
/nullify can you please open a PR to fix this issue 01HTEAR31QTNFP74BRNKTEQV26
I have opened a pull request to fix the NoSQL injection vulnerability in the findOne() function as requested. You can review and merge the changes from this link.
ID: 01HTEC7NV82M2VCKATWAJVXTSJ
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-327
Node md5
MD5 is a weak hash which is known to have collisions. Use a strong hashing function.
/nullify can you please raise a PR to resolve this issue?
/nullify please raise PR and fix issue 01HTES3V4Z69ZFDY9R8GJRDF9V
I have raised a pull request to fix the NoSQL injection vulnerability in the wallet route, which is identified by the ID 01HTES3V4Z69ZFDY9R8GJRDF9V. You can review and merge the changes from this pull request.
Severity Threshold: 🔵 MEDIUM
103 Potential vulnerability sources found within this repo
🔴 CRITICAL
🟡 HIGH
🔵 MEDIUM
⚪ LOW
ID: 01HTES3V4Z69ZFDY9R3YT5AZ65
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/captcha.ts#L37-L49
ID: 01HTES3V4Z69ZFDY9R1P43J258
Language: Containerfile
Severity: 🟡 HIGH
AVD-DS-0002
Image user should not be 'root'
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. Read more: https://avd.aquasec.com/misconfig/ds002 https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/test/smoke/Dockerfile#L1
ID: 01HTES3V4Z69ZFDY9R1RCG2CGD
Language: Containerfile
Severity: 🟡 HIGH
AVD-DS-0025
'apk add' is missing '--no-cache'
You should use 'apk add' with '--no-cache' to clean package cached data and reduce image size. Read more: https://avd.aquasec.com/misconfig/ds025 https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/test/smoke/Dockerfile#L3
ID: 01HTES3V4Z69ZFDY9R8GJRDF9V
Language: OpenAPI
Severity: 🟡 HIGH
CKV_OPENAPI_3
Ensure that security schemes don't allow cleartext credentials over unencrypted channel - version 3.x.y files
Read more: https://docs.bridgecrew.io/docs/ensure-that-security-schemes-dont-allow-cleartext-credentials-over-unencrypted-channel https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/swagger.yml#L29-L33
ID: 01HTES3V4Z69ZFDY9R6BTSNAME
Language: TypeScript
Severity: 🟡 HIGH
CWE-502
Yaml deserialize
User controlled data in 'yaml.load()' function can result in Remote Code Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/server.ts#L48
ID: 01HTES3V4Z69ZFDY9R1YH310K4
Language: Containerfile
Severity: 🟡 HIGH
AVD-DS-0029
'apt-get' missing '--no-install-recommends'
'apt-get' install should use '--no-install-recommends' to minimize image size. Read more: https://avd.aquasec.com/misconfig/ds029 https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/Dockerfile#L25
ID: 01HTES3V4Z69ZFDY9R66ZM29KY
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/wallet.ts#L24
ID: 01HTES3V4Z69ZFDY9R64XNSVY4
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/wallet.ts#L23-L24
ID: 01HTES3V4Z69ZFDY9R62XZFER7
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/wallet.ts#L12
ID: 01HTES3V4Z69ZFDY9R5X43R6F1
Language: TypeScript
Severity: 🟡 HIGH
CWE-502
Yaml deserialize
User controlled data in 'yaml.load()' function can result in Remote Code Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/vulnCodeFixes.ts#L80
ID: 01HTES3V4Z69ZFDY9R5MPCE5KR
Language: TypeScript
Severity: 🟡 HIGH
CWE-807
Node logic bypass
User controlled data is used for application business logic decision making. This can expose protected data or functionality. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/verify.ts#L60
ID: 01HTES3V4Z69ZFDY9R5HR50HNN
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL js injection
Untrusted user input in MongoDB $where operator can result in NoSQL JavaScript Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/trackOrder.ts#L15-L27
ID: 01HTES3V4Z69ZFDY9R5EVC1W9E
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL js injection
Untrusted user input in MongoDB $where operator can result in NoSQL JavaScript Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/showProductReviews.ts#L30-L44
ID: 01HTES3V4Z69ZFDY9R5CDHYFGX
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/securityQuestion.ts#L14-L19
ID: 01HTES3V4Z69ZFDY9R5C7SC487
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/securityQuestion.ts#L13-L27
ID: 01HTES3V4Z69ZFDY9R59NH5VJS
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/resetPassword.ts#L30-L35
ID: 01HTES3V4Z69ZFDY9R573GPEAE
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/resetPassword.ts#L19-L33
ID: 01HTES3V4Z69ZFDY9R53AKRZQ7
Language: TypeScript
Severity: 🟡 HIGH
CWE-918
Node ssrf
User controlled URL in http client libraries can result in Server Side Request Forgery (SSRF). https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/profileImageUrlUpload.ts#L20
ID: 01HTES3V4Z69ZFDY9R5221X210
Language: TypeScript
Severity: 🟡 HIGH
CWE-918
Node ssrf
User controlled URL in http client libraries can result in Server Side Request Forgery (SSRF). https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/profileImageUrlUpload.ts#L18-L32
ID: 01HTES3V4Z69ZFDY9R51Q06BNS
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/payment.ts#L41
ID: 01HTES3V4Z69ZFDY9R4Y9DN515
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/order.ts#L141
ID: 01HTES3V4Z69ZFDY9R4TBCQ63B
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/order.ts#L118
ID: 01HTES3V4Z69ZFDY9R4QQYJ0HA
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/order.ts#L72
ID: 01HTES3V4Z69ZFDY9R4KWV1VBX
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/order.ts#L37
ID: 01HTES3V4Z69ZFDY9R4HZ3JJHF
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/order.ts#L36-L50
ID: 01HTES3V4Z69ZFDY9R4H459Z1Y
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/likeProductReviews.ts#L16-L30
ID: 01HTES3V4Z69ZFDY9R3DGKAHHZ
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/address.ts#L18
ID: 01HTES3V4Z69ZFDY9R3FHFSDM1
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/basket.ts#L17-L31
ID: 01HTES3V4Z69ZFDY9R3H7MAYWY
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/basket.ts#L18
ID: 01HTES3V4Z69ZFDY9R3MD000ME
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/basketItems.ts#L67
ID: 01HTES3V4Z69ZFDY9R4GYJ1H1Y
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/deluxe.ts#L35
ID: 01HTES3V4Z69ZFDY9R4FX7HFTN
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/deluxe.ts#L25
ID: 01HTES3V4Z69ZFDY9R4DF4K17K
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/deluxe.ts#L19
ID: 01HTES3V4Z69ZFDY9R4C3B2V68
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/delivery.ts#L34
ID: 01HTES3V4Z69ZFDY9R49WHZNK0
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/dataErasure.ts#L27-L32
ID: 01HTES3V4Z69ZFDY9R46AY5Y6E
Language: TypeScript
Severity: 🟡 HIGH
CWE-943
Node noSQL injection
Untrusted user input in findOne() function can result in NoSQL Injection. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/dataErasure.ts#L24-L38
ID: 01HTES3V4Z69ZFDY9R36N0V3SS
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-327
Node insecure random generator
crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/lib/insecurity.ts#L55
ID: 01HTES3V4Z69ZFDY9R24X6A1RT
Language: JavaScript
Severity: 🔵 MEDIUM
CWE-185
Javascript dos rule non literal regexp
The RegExp constructor was called with a non-literal value. If an adversary were able to supply a malicious regex, they could cause a Regular Expression Denial of Service (ReDoS) against the application. In Node applications, this could cause the entire application to no longer be responsive to other users' requests. To remediate this issue, never allow user-supplied regular expressions. Instead, the regular expression should be hardcoded. If this is not possible, consider using an alternative regular expression engine such as node-re2. RE2 is a safe alternative that does not support backtracking, which is what leads to ReDoS.
Example using re2 which does not support backtracking (Note: it is still recommended to never use user-supplied input):
For more information on Regular Expression DoS see:
https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/frontend/src/assets/private/dat.gui.min.js#L11
ID: 01HTES3V4Z69ZFDY9R43F3GFB0
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-22
Javascript pathtraversal rule non literal fs filename
The application dynamically constructs file or path information. If the path information comes from user-supplied input, it could be abused to read sensitive files, access other users' data, or aid in exploitation to gain further system access.
User input should never be used in constructing paths or files for interacting with the filesystem. This includes filenames supplied by user uploads or downloads. If possible, consider hashing user input or using unique values and use path.normalize to resolve and validate the path information prior to processing any file functionality.
Example using path.normalize and not allowing direct user input:
For more information on path traversal issues see OWASP: https://owasp.org/www-community/attacks/Path_Traversal
https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/chatbot.ts#L41
ID: 01HTES3V4Z69ZFDY9R3YCMBSED
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-95
Javascript eval rule eval with expression
The application was found calling the eval function OR Function() constructor OR setTimeout() OR setInterval() methods. If the variables or strings or functions passed to these methods contain user-supplied input, an adversary could attempt to execute arbitrary JavaScript code. This could lead to a full system compromise in Node applications or Cross-site Scripting (XSS) in web applications.
To remediate this issue, remove all calls to the above methods and consider alternative methods for executing the necessary business logic. There is almost no safe method of calling eval or the other sinks stated above with user-supplied input. Instead, consider alternative methods such as using property accessors to dynamically access values.
Example using property accessors to dynamically access an object's property:
For more information on why not to use eval, and alternatives, see: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval#never_use_eval!
Other References:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/Function
https://developer.mozilla.org/en-US/docs/Web/API/setTimeout
https://developer.mozilla.org/en-US/docs/Web/API/setInterval
https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/captcha.ts#L23
ID: 01HTES3V4Z69ZFDY9R3TPG9ZJ9
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-327
Node insecure random generator
crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/captcha.ts#L20
ID: 01HTES3V4Z69ZFDY9R3TNRSN8K
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-327
Node insecure random generator
crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/captcha.ts#L19
ID: 01HTES3V4Z69ZFDY9R3RGF0Z4G
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-327
Node insecure random generator
crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/captcha.ts#L17
ID: 01HTES3V4Z69ZFDY9R3RG5TB16
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-327
Node insecure random generator
crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/captcha.ts#L16
ID: 01HTES3V4Z69ZFDY9R3RA04JQC
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-327
Node insecure random generator
crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/captcha.ts#L15
ID: 01HTES3V4Z69ZFDY9R3AGPDW1B
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-22
Javascript pathtraversal rule non literal fs filename
The application dynamically constructs file or path information. If the path information comes from user-supplied input, it could be abused to read sensitive files, access other users' data, or aid in exploitation to gain further system access.
User input should never be used in constructing paths or files for interacting with the filesystem. This includes filenames supplied by user uploads or downloads. If possible, consider hashing user input or using unique values and use path.normalize to resolve and validate the path information prior to processing any file functionality.
Example using path.normalize and not allowing direct user input:
For more information on path traversal issues see OWASP: https://owasp.org/www-community/attacks/Path_Traversal
https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/lib/utils.ts#L131
ID: 01HTES3V4Z69ZFDY9R1JD4VQEJ
Language: Containerfile
Severity: 🔵 MEDIUM
AVD-DS-0001
':latest' tag used
When using a 'FROM' statement you should use a specific tag to avoid uncontrolled behavior when the image is updated. Read more: https://avd.aquasec.com/misconfig/ds001 https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/test/smoke/Dockerfile#L1
ID: 01HTES3V4Z69ZFDY9R35SMTMGV
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-327
Node md5
MD5 is a weak hash which is known to have collisions. Use a strong hashing function. https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/lib/insecurity.ts#L43
ID: 01HTES3V4Z69ZFDY9R4Q49VRS2
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-22
Javascript pathtraversal rule non literal fs filename
The application dynamically constructs file or path information. If the path information comes from user-supplied input, it could be abused to read sensitive files, access other users' data, or aid in exploitation to gain further system access.
User input should never be used in constructing paths or files for interacting with the filesystem. This includes filenames supplied by user uploads or downloads. If possible, consider hashing user input or using unique values and use path.normalize to resolve and validate the path information prior to processing any file functionality.
Example using path.normalize and not allowing direct user input:
For more information on path traversal issues see OWASP: https://owasp.org/www-community/attacks/Path_Traversal
https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/routes/order.ts#L46
ID: 01HTES3V4Z69ZFDY9R32NC4Z24
Language: TypeScript
Severity: 🔵 MEDIUM
CWE-185
Javascript dos rule non literal regexp
The RegExp constructor was called with a non-literal value. If an adversary were able to supply a malicious regex, they could cause a Regular Expression Denial of Service (ReDoS) against the application. In Node applications, this could cause the entire application to no longer be responsive to other users' requests. To remediate this issue, never allow user-supplied regular expressions. Instead, the regular expression should be hardcoded. If this is not possible, consider using an alternative regular expression engine such as node-re2. RE2 is a safe alternative that does not support backtracking, which is what leads to ReDoS.
Example using re2 which does not support backtracking (Note: it is still recommended to never use user-supplied input):
For more information on Regular Expression DoS see:
https://github.com/InfoTrackGlobal/juice-shop/blob/c8ba32bd2e555aecfcd857628be6564bf35ccadb/lib/codingChallenges.ts#L78
ℹ️ Note: 103 vulnerabilities were detected. This dashboard prioritises and showcases the top 50 most critical findings.
Reply with /nullify to interact with me like another developer