Redos in at common.py#L20
Bug #2047505 reported by
lujiefsi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Solum |
New
|
Undecided
|
Unassigned |
Bug Description
Please check this website( https:/
vulnerable regex is at https:/
poc is here:
```
import re
import datetime
pt = re.compile(r'^(http://|https://|git@)(
def split(x):
data = 'https:/
starttime = datetime.
pt.search(data)
endtime = datetime.
print ("string length = " + str(x) + " time cost=" + str((endtime - starttime).seconds) + " seconds")
split(3)
split(30)
split(300)
split(3000)
```
description: | updated |
summary: |
- Redos in - https://github.com/openstack/solum/blob/42575ef1316983e4d48b89ecf9d8a71e899f18db/solum/api/handlers/language_pack_handler.py#L104 + Redos in at language_pack_handler.py#L104 |
description: | updated |
summary: |
- Redos in at language_pack_handler.py#L104 + Redos in at common.py#L20 |
description: | updated |
information type: | Private Security → Public Security |
To post a comment you must log in.