Nextcloud: [nextcloud/server] Moment.js vulnerable to Inefficient Regular Expression Complexity
Describe the bugs: 🐛

moment is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the preprocessRFC2822() function in from-string.js, when processing a very long crafted string (over 10k characters).

PoC:

```javascript
moment("(".repeat(500000))
```

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service, or DDoS, attack) to sending crafted requests that cause a system to crash or take a disproportionate amount of time to process.

Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down. Let's take the following regular expression as an example:

```javascript
regex = /A(B|C+)+D/
```

This regular expression accomplishes the following:

* A: The string must start with the letter 'A'.
* (B|C+)+: The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one…
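The following is an added example, written for this page and not taken from the advisory or from the moment.js project. It puts the advisory's pattern /A(B|C+)+D/ next to an equivalent form without nested quantifiers, times both on a non-matching probe so the exponential backtracking is visible, and wraps matching in an input-length guard, the kind of mitigation the advisory's "over 10k characters" remark points at. The helper names (`safeTest`, `probe`, `patternsAgree`) and the `MAX_INPUT_LENGTH` value of 256 are assumptions chosen for the example, not values from moment.js or the advisory.

```javascript
// Added example: catastrophic backtracking in /A(B|C+)+D/, its linear-time
// equivalent, and an input-length guard. Not code from the advisory or moment.js.

// The pattern discussed in the advisory text. A run of C's can be split between
// the inner C+ and successive iterations of the outer group in 2^(n-1) ways, and
// a backtracking engine tries every one of them before reporting "no match".
const VULNERABLE = /A(B|C+)+D/;

// Equivalent language ("A, then one or more B or C, then D") with one character
// per iteration: each position is visited once, so there is nothing to re-split.
const SAFE = /A[BC]+D/;

// Assumed limit for this example; the advisory only says strings over 10k
// characters trigger the problem. Pick a bound your real inputs never exceed.
const MAX_INPUT_LENGTH = 256;

// Reject oversized input before it reaches the regex engine (or a library
// such as moment that applies a regex internally).
function safeTest(re, input) {
  if (typeof input !== 'string') throw new TypeError('expected a string');
  if (input.length > MAX_INPUT_LENGTH) {
    return { accepted: false, reason: `input too long (${input.length} > ${MAX_INPUT_LENGTH})` };
  }
  return { accepted: true, matched: re.test(input) };
}

// Non-matching probe: 'A', n times 'C', then a character that is neither B, C
// nor D, forcing the engine to exhaust every partition of the C's before failing.
function probe(n) {
  return 'A' + 'C'.repeat(n) + 'X';
}

// Wall-clock time of a single test() call, in milliseconds.
function timeMatch(re, input) {
  const t0 = process.hrtime.bigint();
  const matched = re.test(input);
  const t1 = process.hrtime.bigint();
  return { matched, ms: Number(t1 - t0) / 1e6 };
}

// Constructed inputs covering accept and reject cases for both patterns.
const EQUIVALENCE_INPUTS = ['AD', 'ABD', 'ACD', 'ABCCBD', 'ACCCCX', 'BCD', 'AXD', 'ACCCD '];

// True when the vulnerable and safe patterns agree on every input given.
function patternsAgree(inputs = EQUIVALENCE_INPUTS) {
  return inputs.every((s) => VULNERABLE.test(s) === SAFE.test(s));
}

if (typeof require !== 'undefined' && require.main === module) {
  // Vulnerable time roughly doubles with each extra 'C'; the safe form stays flat.
  for (const n of [10, 14, 16, 18, 20]) {
    const v = timeMatch(VULNERABLE, probe(n));
    const s = timeMatch(SAFE, probe(n));
    console.log(`n=${n}: vulnerable ${v.ms.toFixed(2)} ms, safe ${s.ms.toFixed(3)} ms`);
  }
  console.log(safeTest(VULNERABLE, probe(20)));           // runs, no match
  console.log(safeTest(VULNERABLE, '('.repeat(500000)));  // rejected before matching
}

module.exports = { VULNERABLE, SAFE, MAX_INPUT_LENGTH, safeTest, probe, timeMatch, patternsAgree };
```

Run it with `node` to see the timings. The two patterns accept exactly the same strings, which is the point: the exposure comes from how the engine searches, not from what the expression matches, so a rewrite that removes the nested quantifier costs nothing functionally. The length guard is the complementary control for code you do not own, such as a library's internal regex: bound the input at the trust boundary so a crafted string never reaches the engine at a size where backtracking matters.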