ReDoS Vulnerability in Chat History Filtering via Regular Expression Injection
A ReDoS (regular expression denial of service) vulnerability was identified in the chat history filtering function and was patched in the subsequent release. The user-supplied keyword is used directly as a regular expression pattern, so an attacker can submit a crafted pattern that triggers catastrophic backtracking and stalls processing for a significant time.
Available publicly on Jun 25 2024
Remediation Steps
- Sanitize and validate the keyword input before using it in the re.search function; if the keyword is meant to be matched literally, escape it so that it cannot be interpreted as a pattern.
- Implement a timeout mechanism for regular expression operations to prevent excessive backtracking.
- Update the affected version to the latest patched release.
- Conduct a thorough code review to identify and mitigate similar vulnerabilities in other parts of the application.
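The following is an added example, not code from the affected project, showing the vulnerable shape described in this advisory (a user-supplied keyword passed straight to re.search) next to two of the remediations above: escaping the keyword so it is matched literally, and, where regular-expression syntax must be supported, evaluating the match in a child process under a wall-clock limit because Python's re module has no timeout of its own. The chat history, the function names and the constants are hypothetical.

```python
"""Added example: attacker-controlled patterns in a chat-history keyword
filter, and two mitigations. Names and sample data are hypothetical."""
import json
import re
import subprocess
import sys

# Constructed sample chat history (not real data).
CHAT_HISTORY = [
    "alice: deploy is scheduled for friday",
    "bob: ok, I will rotate the api keys before then",
    "carol: reminder that the retro is at 3pm",
]

# Classic catastrophic-backtracking pattern: nested quantifiers can split a
# run of 'a' characters in 2^n ways before the final '$' fails on the 'b'.
EVIL_PATTERN = r"(a+)+$"
EVIL_SUBJECT = "a" * 30 + "b"

MAX_KEYWORD_LEN = 64          # assumed limit; tune for the application
REGEX_TIMEOUT_SECONDS = 2.0   # wall-clock budget for one filter request


def filter_history_vulnerable(keyword, history=CHAT_HISTORY):
    """Vulnerable: the keyword is compiled as a regular expression, so the
    caller controls the pattern. Calling this with EVIL_PATTERN against
    EVIL_SUBJECT runs for minutes in-process and cannot be interrupted."""
    return [line for line in history if re.search(keyword, line)]


def filter_history_literal(keyword, history=CHAT_HISTORY):
    """Hardened (remediation step 1): the keyword is length-checked and
    escaped, so any metacharacters are matched literally."""
    if not keyword or len(keyword) > MAX_KEYWORD_LEN:
        raise ValueError("keyword missing or too long")
    pattern = re.compile(re.escape(keyword), re.IGNORECASE)
    return [line for line in history if pattern.search(line)]


# Code run in the child process: read the request as JSON on stdin, compile
# the pattern, and report the indices of matching lines as JSON on stdout.
# Exit status 2 signals a syntactically invalid pattern.
_CHILD_CODE = (
    "import json, re, sys\n"
    "req = json.load(sys.stdin)\n"
    "try:\n"
    "    pat = re.compile(req['pattern'])\n"
    "except re.error:\n"
    "    sys.exit(2)\n"
    "hits = [i for i, line in enumerate(req['lines']) if pat.search(line)]\n"
    "json.dump(hits, sys.stdout)\n"
)


def filter_history_regex(keyword, history=CHAT_HISTORY,
                         timeout=REGEX_TIMEOUT_SECONDS):
    """Hardened (remediation step 2): regex syntax is still honoured, but
    the match runs in a separate interpreter that is killed when the time
    limit expires. Returns the matching lines, or None on timeout."""
    if not keyword or len(keyword) > MAX_KEYWORD_LEN:
        raise ValueError("keyword missing or too long")
    request = json.dumps({"pattern": keyword, "lines": list(history)})
    try:
        proc = subprocess.run(
            [sys.executable, "-c", _CHILD_CODE],
            input=request, capture_output=True, text=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        # subprocess.run kills the child before raising, so the runaway
        # match does not outlive the request.
        return None
    if proc.returncode == 2:
        raise ValueError("invalid regular expression")
    proc.check_returncode()
    return [history[i] for i in json.loads(proc.stdout)]


if __name__ == "__main__":
    print(filter_history_literal("api keys"))
    print(filter_history_literal("(a+)+$"))          # literal text, no hit
    print(filter_history_regex("api|retro"))
    print(filter_history_regex(EVIL_PATTERN, [EVIL_SUBJECT]))  # None
```

The literal variant is the right fix when users are searching for text, which is what a chat-history keyword filter normally does. The child-process variant costs an interpreter start per request, so it belongs behind a rate limit; a lighter alternative is a regex engine with bounded matching (RE2-style), but the standard re module offers no such mode.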
Patch Details
- Fixed Version: N/A
- Patch Commit: N/A