
Regular Expression Denial of Service (ReDoS)

High
petruki published GHSA-wqxw-8h5g-hq56 Feb 2, 2023

Package

npm switcher-client (npm)

Affected versions

< 3.1.3

Patched versions

3.1.4

Description

Impact

Unsanitized input flows into the Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular Expression Denial of Service (ReDoS) attack.
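The following is an added illustration, not switcher-client's own code. It assumes a hypothetical EXIST-style check in which the request value becomes the pattern (existUnsafe), and places it beside a hardened variant (existSafe) that caps the input length and escapes regex metacharacters so the value is matched literally; the names, the length cap and the sample values are all constructed for this example.

```javascript
// Added example (hypothetical, not switcher-client's code): an EXIST-style
// strategy check that builds a RegExp from the request value, and a hardened
// version that matches the value literally.

// Vulnerable shape: the caller's input becomes the pattern, so any regex
// metacharacters in it are interpreted, and a crafted pattern can force
// expensive backtracking (the ReDoS condition described above).
function existUnsafe(configuredValues, input) {
  const re = new RegExp(input);
  return configuredValues.some((v) => re.test(v));
}

// Escape every regex metacharacter so the input is matched as plain text.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Hypothetical cap on input size, as defense in depth.
const MAX_INPUT_LENGTH = 256;

// Hardened: reject oversized or non-string input, then escape it and anchor
// the pattern. For a plain "does this value exist" check a string comparison
// would suffice; the RegExp form is kept to show the minimal change.
function existSafe(configuredValues, input) {
  if (typeof input !== 'string' || input.length > MAX_INPUT_LENGTH) {
    return false;
  }
  const re = new RegExp(`^${escapeRegExp(input)}$`);
  return configuredValues.some((v) => re.test(v));
}

// Constructed sample data: values configured on a strategy.
const SAMPLE_VALUES = ['admin', 'user.name', 'guest'];

// Metacharacters in the request value are executed by the unsafe form
// ('.*' matches everything) but treated literally by the safe form.
console.log(existUnsafe(SAMPLE_VALUES, '.*')); // true
console.log(existSafe(SAMPLE_VALUES, '.*'));   // false
console.log(existSafe(SAMPLE_VALUES, 'user.name')); // true
```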

Patches

No fix is available yet. All versions < 3.1.3 are impacted.

Workarounds

Avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations.

References

CWE-400: Uncontrolled Resource Consumption
CAPEC-492: Regular Expression Exponential Blowup

Severity

High

CVE ID

CVE-2023-23925
