Flag Forge Regular Expression Denial-of-Service Vulnerability in User Profile API
Vulnerability
A Regular Expression Denial-of-Service (ReDoS) vulnerability has been identified in Flag Forge versions prior to 2.3.3. The issue resides in the user profile API endpoint, where the application dynamically constructs regular expressions using unescaped user input from the username parameter. This vulnerability can be exploited by sending a crafted username that includes regex meta-characters, such as deeply nested groups or quantifiers. Such exploitation causes the MongoDB regex engine to use excessive CPU resources, leading to a denial-of-service condition for other users.
Impact
Exploitation of this vulnerability causes excessive CPU consumption, disrupting service for other users.
Remediation
The vulnerability has been patched in version 2.3.3. Users are advised to update to this version. As an additional measure, a Web Application Firewall (WAF) rule can be implemented to block requests containing regex meta-characters in the URL path.
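The flaw described above and one way to close it, as an added example that is not Flag Forge's code or its 2.3.3 patch. It assumes a Node.js handler that builds a MongoDB filter from the username parameter; the function names, the username policy and the sample values are hypothetical.

```javascript
// Added illustration, not Flag Forge's code. Assumed: a Node.js profile
// handler that turns the `username` parameter into a MongoDB filter.

// Characters with special meaning in a regular expression.
const REGEX_META = /[.*+?^${}()|[\]\\]/g;

// Escape every meta-character so the input can only match as literal text.
function escapeRegex(input) {
  return input.replace(REGEX_META, "\\$&");
}

// Shape the advisory describes: the raw parameter becomes the pattern,
// so whoever sends the request decides what the regex engine executes.
function unsafeProfileFilter(username) {
  return { username: { $regex: `^${username}$`, $options: "i" } };
}

// Constructed policy: short, restricted alphabet. The bound on length also
// bounds the work any later pattern match can do.
const USERNAME_ALLOWED = /^[A-Za-z0-9_.-]{1,32}$/;

// Hardened shape: reject non-strings (e.g. parsed query objects) and names
// outside the policy, then escape what remains before building the pattern.
function safeProfileFilter(username) {
  if (typeof username !== "string" || !USERNAME_ALLOWED.test(username)) {
    return null; // caller answers 400 without querying the database
  }
  return { username: { $regex: `^${escapeRegex(username)}$`, $options: "i" } };
}

// Constructed sample: "." is allowed by the policy but is still a regex
// meta-character, which is why validation alone is not enough.
const sample = "al.ice";
console.log(unsafeProfileFilter(sample).username.$regex); // ^al.ice$
console.log(safeProfileFilter(sample).username.$regex);   // ^al\.ice$
console.log(safeProfileFilter("a(b)*"));                  // null
```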
