CVE-2021-43805 ReDos vulnerability on guest checkout email validation

2021-12-0717:25:09

CWE-1333

GitHub_M

www.cve.org

solidus

redos vulnerability

email validation

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.2%

JSON

Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order’s email was subject to exponential backtracking through a fragment like a.a. Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file config/application.rb manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity.

CNA Affected

[
  {
    "product": "solidus",
    "vendor": "solidusio",
    "versions": [
      {
        "status": "affected",
        "version": ">= 3.1.0, < 3.1.4"
      },
      {
        "status": "affected",
        "version": ">= 3.0.0, < 3.0.4"
      },
      {
        "status": "affected",
        "version": "< 2.11.13"
      }
    ]
  }
]