Regular Expression Denial of Service in Text Processing Library
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the lunary-ai/lunary library, specifically version 1.2.10. By crafting malicious regular expressions, an attacker can cause the application to become unresponsive or crash. This issue was not explicitly mentioned as patched in the provided data, suggesting the need for users to verify the latest versions for a fix.
Available publicly on Jun 01 2024
Remediation Steps
- Ensure your application is not using lunary-ai/lunary version 1.2.10.
- Upgrade to the latest version of the library, after verifying that the issue has been addressed.
- Implement input validation to reject suspicious or overly complex regular expressions.
- Consider using a timeout for regular expression processing to prevent excessive resource consumption.
- Monitor application logs for unusual patterns that may indicate an attempted exploitation of this vulnerability.
Patch Details
- Fixed Version: N/A
- Patch Commit: N/A
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have - related security advisories that are available with Sightline Premium.