Inefficient Regular Expression Complexity in chocobozzz/peertube
Sep 16th 2021
Hello Again dear Peertube team.
I found inefficient regular expression in that have a Polynomial execution time that can be lead to ReDoS attacks and it is better to replace it with another regex or Use google re2 regex engine for server sides code.
Proof of Concept
I create two payloads that you can compare the execution times between them in Regexr provided links.
payload 1 : normal input
payload 2 : the crafted bad input with length = payload 1
Also if you see error from execution time in
Regexr.com this means that the execution time is greater that 250 millisecond.
dear puretube team, if you want any more explanation just tell me
Thanks, and sorry for the late answer.