kylebambrick
commented
3 years ago Please submit to https://www.splunk.com/en_us/product-security/report.html#tabs/tabparsystabsProfessionalSecurityResearchers5 or prodsec@splunk.com
Closed dvasquez-7 closed 3 years ago
kylebambrick
commented
3 years ago Please submit to https://www.splunk.com/en_us/product-security/report.html#tabs/tabparsystabsProfessionalSecurityResearchers5 or prodsec@splunk.com
fantavlik
commented
3 years ago @dvasquez-7 we recently addressed a catastrophic backtracking issue, does this resolve your issue or is this a new concern? https://github.com/splunk/splunk-sdk-python/issues/309
dvasquez-7
commented
3 years ago It is a new concern related to the issue you resolved.
dvasquez-7
commented
3 years ago I have now submitted the issue to the link above.
fantavlik
commented
3 years ago After looking over your reproduction code, I believe the issue has been addressed by the change I referenced above. For previous versions of the SDK the reproduction code would exhibit backtracking and hang. (code omitted for security concerns)
For version https://github.com/splunk/splunk-sdk-python/releases/tag/1.6.16 and later the regex search returns as expected. I'm closing the issue - please comment if you see different behavior or have a different reproduction case for us to take a look at.
Hello,
I'm a security researcher at Sonatype, and I discovered a potential vulnerability in this project. Do you have a preferred way for me to share the details privately, or do you want me to just show you what I've got on this GitHub issue?