CVE-2021-33580
Published 2021-08-18
Severity: High, 7.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
User-controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls both the string and the regex pattern, they may cause a ReDoS through regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.
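The defect class described above, as an added illustration (hypothetical code, not Apache Roller's own): a request header interpolated into a `Pattern` lets the client choose the regex, whereas quoting the value, capping its length, or replacing the regex with a host comparison keeps the server's matching work bounded. Class and method names, the `MAX_HEADER_LEN` limit and the sample URLs are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;

public final class RefererCheck {

    // Hypothetical shape of the defect: the Referer value becomes part of the
    // pattern, so quantifiers and groups in the header are interpreted by the
    // regex engine and the client decides how much backtracking the match does.
    static boolean vulnerableMatches(String referer, String requestUrl) {
        Pattern p = Pattern.compile(".*" + referer + ".*");
        return p.matcher(requestUrl).matches();
    }

    // Hardened form: Pattern.quote() turns the client value into a literal, so
    // no metacharacter from the header reaches the engine; the length cap keeps
    // even literal matching cheap on oversized headers. (Limit is an assumption.)
    private static final int MAX_HEADER_LEN = 2048;

    static boolean hardenedMatches(String referer, String requestUrl) {
        if (referer == null || referer.length() > MAX_HEADER_LEN) {
            return false;
        }
        Pattern p = Pattern.compile(Pattern.quote(referer));
        return p.matcher(requestUrl).find();
    }

    // Preferable when the real question is "does the Referer belong to this
    // site": parse both URLs and compare hosts, with no regex at all.
    static boolean sameOrigin(String referer, String siteUrl) {
        try {
            String refHost = new URI(referer).getHost();
            String siteHost = new URI(siteUrl).getHost();
            return refHost != null && refHost.equalsIgnoreCase(siteHost);
        } catch (URISyntaxException | NullPointerException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; the '+' in the header is a regex quantifier
        // in the vulnerable path but plain text in the hardened paths.
        String site = "https://blog.example.org/roller/";
        String ref = "https://blog.example.org/roller/?q=a+b";
        System.out.println("vulnerable: " + vulnerableMatches(ref, site));
        System.out.println("hardened:   " + hardenedMatches(ref, site));
        System.out.println("sameOrigin: " + sameOrigin(ref, site));
    }
}
```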
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | roller | < 6.0.2 | 6.0.2 |
| apache_software_foundation | apache_roller | < 6.0.2 | 6.0.2 |