Possible ReDoS in the search function #411
Hi,
MailCatcher's search function might be vulnerable to regular expression denial of service (ReDoS). Type these strings into the search box to see how the front-end engine gets stuck, throwing the browser into a resource-consuming frenzy:
The CPU-guzzling regex seems to be this:
PSEUDO: /:((?:[\w\u00c0-\uFFFF\-]|\\.)+)(?:\((['"]?)((?:\([^\)]+\)|[^\(\)]*)+)\2\))?/

Comments

Interesting! Considering mailcatcher runs locally and is only accessible on localhost, this should only affect the user entering the request, so the urgency seems low. Can you identify where or how this happens? The search happens in here: /~https://github.com/sj26/mailcatcher/blob/master/assets/javascripts/mailcatcher.js.coffee#L174 using jQuery selectors, so I'm not sure where that regexp comes from. Are you able to provide a patch to fix it?

You are right in that this is a case of "self"-ReDoS and the severity is trivial. I think the vulnerable pattern is in the jQuery plugin here: /~https://github.com/sj26/mailcatcher/blob/master/vendor/assets/javascripts/jquery.js#L3244 Unfortunately, I cannot provide a patch; however, I would recommend updating all third-party libraries, as, e.g., jQuery v1.4.3 is vulnerable to CVE-2015-9251.

Yeah, I've never gotten around to upgrading jQuery because there wasn't much reason, the security issues didn't really apply due to how it's used here, and because I kinda wanted to rewrite the whole frontend. But you're right, upgrading is a good idea. I've just upgraded to v3 on master. It changes that regexp, so hopefully it will be better protected.

This is shipped in the latest version, v0.8.0.