Veracode Vulnerability Database: VERACODE:35581
May 18, 2022 - 3:45 a.m.

Regular Expression Denial Of Service (ReDoS)

sca.analysiscenter.veracode.com
Tags: shenyu, redos, regexpredicatejudge

EPSS: 0.001 (percentile 47.4%)

org.apache.shenyu:shenyu-plugin-base is vulnerable to regular expression denial of service (ReDoS). Both the conditionData and realData parameters of the judge function in RegexPredicateJudge.java are user-controlled. A remote attacker can cause resource exhaustion by passing malicious regular expressions and characters through these parameters, resulting in a denial of service.
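
One way to bound the cost of a regex judge whose pattern and input are both untrusted, as an added example that is not Apache ShenYu's code or its fix. It assumes conditionData carries the pattern and realData the text to match, both as plain strings; the class name, limits and time budget are hypothetical, and it needs Java 11 or later.

```java
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Added example: hypothetical hardened judge, not the project's implementation.
public class BoundedRegexJudge {
    static final int MAX_PATTERN_LEN = 256;        // assumed limit on the rule's regex
    static final int MAX_INPUT_LEN = 2048;         // assumed limit on the matched text
    static final long BUDGET_NANOS = 50_000_000L;  // assumed 50 ms budget per match

    static final class BudgetExceeded extends RuntimeException {}

    /** Wraps the input so the regex engine aborts once the deadline has passed. */
    static final class DeadlineSequence implements CharSequence {
        private final CharSequence inner;
        private final long deadline;
        DeadlineSequence(CharSequence inner, long deadline) { this.inner = inner; this.deadline = deadline; }
        @Override public char charAt(int i) {
            // The matcher reads every character through charAt, so backtracking lands here.
            if (System.nanoTime() - deadline > 0) throw new BudgetExceeded();
            return inner.charAt(i);
        }
        @Override public int length() { return inner.length(); }
        @Override public CharSequence subSequence(int s, int e) {
            return new DeadlineSequence(inner.subSequence(s, e), deadline);
        }
        @Override public String toString() { return inner.toString(); }
    }

    /** Returns false (no match) for oversized, invalid or over-budget pattern/input pairs. */
    static boolean judge(String conditionData, String realData) {
        if (conditionData == null || realData == null
                || conditionData.length() > MAX_PATTERN_LEN
                || realData.length() > MAX_INPUT_LEN) {
            return false;
        }
        try {
            Pattern p = Pattern.compile(conditionData);
            long deadline = System.nanoTime() + BUDGET_NANOS;
            return p.matcher(new DeadlineSequence(realData, deadline)).matches();
        } catch (PatternSyntaxException | BudgetExceeded e) {
            return false; // treated as "rule does not match"; log it in a real gateway
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a benign route rule, then a nested-quantifier pattern.
        System.out.println(judge("/api/v[0-9]+/.*", "/api/v2/users"));    // true
        System.out.println(judge("(a+)+$", "a".repeat(40) + "!"));        // false, within the budget
    }
}
```

The length caps reject abuse cheaply before compilation; the deadline covers patterns that pass the caps but still backtrack heavily on the supplied text.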
