Inefficient Regular Expression Complexity
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-1333: Inefficient Regular Expression Complexity |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
User input is being used directly to build regular expressions without proper validation or restrictions. This allows attackers to supply specially crafted inputs that can make the server spend excessive time processing those expressions.
Impact
An attacker could cause the application to slow down or become unresponsive (Denial of Service) by submitting malicious input, potentially making the service unavailable to legitimate users and affecting overall system reliability.
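The pattern described under Description, next to a hardened form, as an added example that is not part of the rule's own documentation. The function names, the 64-character limit and the sample data are assumptions made for illustration.

```python
import re

MAX_TERM_LEN = 64  # assumed limit, chosen for this example

# Constructed sample data: a user-supplied term full of regex syntax, and log lines.
CRAFTED_TERM = "(a+)+$"
SAMPLE_LINES = [
    "GET /search?q=aaaa",
    "rejected pattern (a+)+$ from client",
    "GET /health",
]


def build_pattern_unsafe(term: str) -> re.Pattern:
    """Flagged form: the caller controls the regex syntax itself."""
    return re.compile(term)


def build_pattern_safe(term: str) -> re.Pattern:
    """Hardened form: bound the length, then match the term only as literal text."""
    if len(term) > MAX_TERM_LEN:
        raise ValueError("search term too long")
    return re.compile(re.escape(term), re.IGNORECASE)


def find_lines(term: str, lines: list[str]) -> list[str]:
    """Return the lines containing the user's term, using the hardened builder."""
    pattern = build_pattern_safe(term)
    return [line for line in lines if pattern.search(line)]


if __name__ == "__main__":
    # Groups and quantifiers from the input reach the engine in the unsafe form.
    print("unsafe groups:", build_pattern_unsafe(CRAFTED_TERM).groups)
    # After escaping, the same input compiles to a pattern with no groups at all.
    print("safe groups:  ", build_pattern_safe(CRAFTED_TERM).groups)
    print(find_lines(CRAFTED_TERM, SAMPLE_LINES))
```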