Inefficient Regular Expression Complexity in chatwoot/chatwoot
Jun 30th 2021
🕵️♂️ Proof of Concept
// payload a= "<style fdasfsafafasdfasfasdfs<\/style> "
According to the first Permalink, the referenced line is vulnerable to ReDoS, as is the stripStyleCharacters method used at the second Permalink; ultimately the same bad regex is applied in the Conversation section of Chatwoot.
I started sending messages from my Gmail to the mail address created for the Conversations section, and I exponentially increased the length of the payload like this: a, 2*a, 4*a, ... 200*a, and measured the notification time on both my other email and the conversation box; obviously it takes much more time with the 200*a payload.
You can test it in your own way.
This vulnerability is capable of directly impacting the availability of the whole system.
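Added example, not chatwoot's code: the report does not reproduce the regex itself, so the vulnerable pattern below is a hypothetical stand-in with the same failure mode (a nested quantifier around the tag's attributes, so a `<style` opener whose closing `>` never comes is retried for every way of splitting the attribute word). It builds payloads of the shape shown above and times the regex against a regex-free linear scanner, as a way to reproduce the measurement described in the report offline. The sweep grows the attribute word rather than the copy count, because that is the dimension this stand-in regex is exponential in; `stripStyleVulnerable`, `stripStyleSafe`, `buildPayload` and `sweep` are names chosen here, and the inputs are constructed.

```javascript
// Hypothetical vulnerable pattern (assumption: a stand-in for the bad regex the
// report points at, not taken from chatwoot). (\w+\s*)* can split a run of word
// characters in 2^(n-1) ways, and each split is retried when no closing
// </style> follows, so an unterminated <style opener costs exponential time.
const VULNERABLE_STYLE_BLOCK = /<style\s*(\w+\s*)*[^>]*>[\s\S]*?<\/style>/gi;

function stripStyleVulnerable(html) {
  return html.replace(VULNERABLE_STYLE_BLOCK, '');
}

const OPEN = '<style';
const CLOSE = '</style>';

// ASCII-only lowercasing keeps indices aligned with the original string;
// String.prototype.toLowerCase can change the length for some Unicode input.
function asciiLower(s) {
  return s.replace(/[A-Z]/g, (c) => c.toLowerCase());
}

// Regex-free replacement: two indexOf searches per block, linear in the input.
function stripStyleSafe(html) {
  const lower = asciiLower(html);
  let out = '';
  let i = 0;
  while (i < html.length) {
    const open = lower.indexOf(OPEN, i);
    if (open === -1) {
      out += html.slice(i);
      break;
    }
    // Require a tag boundary so e.g. <styled-box> is not treated as <style>.
    const next = lower[open + OPEN.length];
    const isTag = next === undefined || next === '>' || next === '/' || /\s/.test(next);
    if (!isTag) {
      out += html.slice(i, open + OPEN.length);
      i = open + OPEN.length;
      continue;
    }
    out += html.slice(i, open);
    const close = lower.indexOf(CLOSE, open + OPEN.length);
    if (close === -1) {
      // Unterminated block: everything after the opener is style content, drop it.
      break;
    }
    i = close + CLOSE.length;
  }
  return out;
}

// Constructed input in the shape of the report's payload: a <style opener with
// one long attribute word and no '>' before the closing tag.
function buildPayload(wordLength, copies) {
  const word = 'f'.repeat(wordLength); // any run of \w characters works
  return `<style ${word}</style> `.repeat(copies);
}

function timeMs(fn) {
  const now = () => (typeof performance !== 'undefined' ? performance.now() : Date.now());
  const t0 = now();
  fn();
  return now() - t0;
}

// Sweep the attribute length the way the report sweeps the payload size and
// return the timings so the growth can be inspected or asserted on.
function sweep(lengths) {
  return lengths.map((n) => {
    const payload = buildPayload(n, 1);
    return {
      n,
      vulnerableMs: timeMs(() => stripStyleVulnerable(payload)),
      safeMs: timeMs(() => stripStyleSafe(payload)),
    };
  });
}

for (const row of sweep([8, 10, 12, 14, 16, 18])) {
  console.log(`word length ${row.n}: regex ${row.vulnerableMs.toFixed(1)} ms, scanner ${row.safeMs.toFixed(1)} ms`);
}
```

Run it with node: the regex column grows geometrically with each extra pair of characters while the scanner column stays flat, which is the signature the report describes (and the regex never even strips the malformed tag, it only burns CPU). The fix direction is the same whether the real pattern differs in detail: no quantifier nested inside another quantifier that can match the same characters, or no regex at all for this job.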