Inefficient Regular Expression Complexity in chatwoot/chatwoot
Reported on
Jun 30th 2021
✍️ Description
If we use a regular expression in match, search, replace or similar functions, we must sanitize the inputs to those functions. If an attacker can inject an arbitrary regex, or abuse a badly written regex already present in our code, a ReDoS vulnerability appears. According to the paper "Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers", if the web server is JavaScript-based and runs on Node.js, a single user can mount a DoS attack that degrades the response time for all users of the server, because Node.js executes on a single thread.
🕵️♂️ Proof of Concept
// payload
a= "<style fdasfsafafasdfasfasdfs<\/style> "
According to [1], the referenced line is vulnerable to ReDoS; the stripStyleCharacters method is used in [2], and in the end the bad regex is reached from the Conversations section of Chatwoot.
I started sending messages from my Gmail to the mail address created in the Conversations section, exponentially increasing the length of the payload like this: a, 2*a, 4*a, ... 200*a, and measured the notification time on both my other email and the conversation box; obviously it took much more time with the 200*a payload.
You can test it in your own way.
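A defender-side illustration, added here and not part of the original report or of Chatwoot's code: a linear-time stripper for style blocks that handles the unclosed-tag shape of the payload above, plus a helper that reproduces the report's escalating-input timing so any stripper (including a regex-based one) can be compared against it. The names strip_style_blocks, scaling_times and PAYLOAD are chosen for this example; PAYLOAD is constructed from the PoC string.

```ruby
# Added example, not Chatwoot's code: strip <style>...</style> blocks with one
# forward scan. Every search below is a literal or fixed-shape pattern, so the
# work grows linearly with the input however many times the payload is repeated.
OPEN_TAG  = /<style\b/i
CLOSE_TAG = %r{</style\s*>}i

def strip_style_blocks(html)
  out = +""
  pos = 0
  while (open_at = html.index(OPEN_TAG, pos))
    out << html[pos...open_at]
    close = html.match(CLOSE_TAG, open_at)
    # Unclosed "<style" (the shape of the report's payload): drop the rest of
    # the input rather than backtracking in search of a closing tag.
    return out unless close
    pos = close.end(0)
  end
  out << html[pos..]
end

# The report's payload (constructed here from the PoC string): an opening tag
# that never reaches ">" before its closing tag.
PAYLOAD = '<style fdasfsafafasdfasfasdfs</style> '

# Reproduce the report's measurement: run a stripper over 1, 2, 4, ... 128 and
# 200 copies of the payload and return [[copies, seconds], ...]. A linear
# stripper roughly doubles per step; a backtracking regex grows far faster.
def scaling_times(payload, max_factor = 200, &stripper)
  factors = (0..7).map { |e| 2**e }.select { |k| k < max_factor } << max_factor
  factors.map do |k|
    input = payload * k
    t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
    stripper.call(input)
    [k, Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0]
  end
end

if $PROGRAM_NAME == __FILE__
  scaling_times(PAYLOAD) { |html| strip_style_blocks(html) }.each do |k, secs|
    printf("%4d copies: %.6f s\n", k, secs)
  end
end
```

To compare a suspect regex, pass it as the block instead (for example { |html| html.gsub(SUSPECT_REGEX, "") }) and watch whether the per-step time merely doubles or explodes.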
💥 Impact
This vulnerability can have a direct impact on the availability of the whole system.
Hey all, just a heads up that we adjusted the CWE to Inefficient Regular Expression Complexity on request from the disclosing researcher.
Hi dear Chatwoot team, I just want to know whether you received this report, and if I can help you any more, just tell me. Have good developer days :)
Thank you so much, dear Pranav. I am encouraged to find more bugs in your application.
Waiting to publish the CVE:
https://github.com/CVEProject/cvelist/pull/2281