github / securitylab

Resources related to GitHub Security Lab
https://securitylab.github.com
MIT License

Java: Regex injection #423

Closed ghost closed 2 years ago

ghost commented 3 years ago

Query

Relevant PR: https://github.com/github/codeql/pull/5704

CVE ID(s)

ghsecuritylab commented 3 years ago

Your submission is now in status Generate Query Results.

For information, the evaluation workflow is the following: SecLab review > Generate Query Results > FP Check > CodeQL review > SecLab finalize > Pay > Closed

ghsecuritylab commented 3 years ago

Your submission is now in status FP Check.

For information, the evaluation workflow is the following: SecLab review > Generate Query Results > FP Check > CodeQL review > SecLab finalize > Pay > Closed

ghsecuritylab commented 3 years ago

Your submission is now in status CodeQL review.

For information, the evaluation workflow is the following: SecLab review > Generate Query Results > FP Check > CodeQL review > SecLab finalize > Pay > Closed

ghsecuritylab commented 3 years ago

Your submission is now in status SecLab finalize.

For information, the evaluation workflow is the following: SecLab review > Generate Query Results > FP Check > CodeQL review > SecLab finalize > Pay > Closed

kevinbackhouse commented 3 years ago

@edvraa: I think you did the right thing requesting the CVEs from Mitre. In my experience, you sometimes have to wait a little while for them to assign the CVE, so I would recommend giving them another month or so. Please @ me on this issue when the CVEs are assigned, so that we can pay the bounty.

ghost commented 2 years ago

At last Mitre has assigned CVEs!

ghsecuritylab commented 2 years ago

Your submission is now in status Pay.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

xcorail commented 2 years ago

Created Hackerone report 1443028 for bounty 359732: [423] Java: Regex injection

ghsecuritylab commented 2 years ago

Your submission is now in status Closed.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed