[Java]: CWE-730 Regex injection #351

ghost · 2021-04-26T10:29:17Z

Query

Link to pull request with your CodeQL query:

User controlled regex pattern may lead to Denial of Service.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). We would love to have you spread the word about the good work you are doing

ghsecuritylab · 2021-04-27T10:36:45Z

Your submission is now in status SecLab review.

For information, the evaluation workflow is the following:
CodeQL initial assessment > SecLab review > CodeQL review > SecLab finalize > Pay > Closed

ghsecuritylab · 2021-05-06T08:36:55Z

Your submission is now in status CodeQL review.

For information, the evaluation workflow is the following:
CodeQL initial assessment > SecLab review > CodeQL review > SecLab finalize > Pay > Closed

ghsecuritylab · 2021-06-07T07:29:41Z

Your submission is now in status SecLab finalize.

For information, the evaluation workflow is the following:
SecLab review > FP Check > CodeQL review > SecLab finalize > Pay > Closed

ghsecuritylab · 2021-06-07T21:09:07Z

Your submission is now in status Pay.

For information, the evaluation workflow is the following:
SecLab review > FP Check > CodeQL review > SecLab finalize > Pay > Closed

xcorail · 2021-06-07T21:10:41Z

Created Hackerone report 1219492 for bounty 309995 : [351] [Java]: CWE-730 Regex injection

ghsecuritylab · 2021-06-07T21:11:05Z

Your submission is now in status Closed.

For information, the evaluation workflow is the following:
SecLab review > FP Check > CodeQL review > SecLab finalize > Pay > Closed

ghost added the All For One Submissions to the All for One, One for All bounty label Apr 26, 2021

xcorail closed this as completed Jun 7, 2021