Vulnerability type
RegExp Denial-of-Service: catastrophic backtracking in regex evaluation
Vulnerability Location
In the split function of shellwords@1.1.1, the following regular expression is used:
/\s*(?:([^\s\\'"]+)|'((?:[^'\\]|\\.)*)'|"((?:[^"\\]|\\.)*)"|(\\.?)|(\S))(\s|$)?/
Description
The split function in shellwords uses a complex regular expression to tokenize shell-like input strings.
However, this regex is vulnerable to catastrophic backtracking, which can cause CPU exhaustion and application hang when processing specially crafted input.
Proof of Concept (PoC)
require("shellwords").split('\n' + ' '.repeat(100000))
Affected version
shellwords@1.1.1
(Other versions using the same regex implementation may also be affected)
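The usual fix for this class of bug is to replace the backtracking regex with a single left-to-right scan. The tokenizer below is an added example, not code from shellwords: it follows the grammar of the regex quoted above (unquoted runs, single- and double-quoted strings with backslash escapes, a bare backslash escaping the next character, whitespace as separator) with explicit state, so the whitespace-only PoC input is consumed in one pass. The name splitLinear and its escape handling (one backslash dropped before any character, in every context) are assumptions and may differ from the library in edge cases.

```javascript
// Linear-time shell-word tokenizer (hypothetical helper, not shellwords' own).
// Each character is examined exactly once, so runtime is O(n) regardless of
// how much whitespace or how many quotes the input contains.
function splitLinear(line) {
  const words = [];
  let field = "";
  let inWord = false;
  let i = 0;
  const n = line.length;
  while (i < n) {
    const c = line[i];
    if (/\s/.test(c)) {
      // Whitespace ends the current word (if any) and is otherwise skipped.
      if (inWord) { words.push(field); field = ""; inWord = false; }
      i++;
      continue;
    }
    inWord = true;
    if (c === "'" || c === '"') {
      // Quoted segment: copy until the matching quote, honouring backslash escapes.
      const quote = c;
      let closed = false;
      i++;
      while (i < n) {
        const d = line[i];
        if (d === "\\" && i + 1 < n) { field += line[i + 1]; i += 2; continue; }
        if (d === quote) { closed = true; i++; break; }
        field += d;
        i++;
      }
      if (!closed) throw new Error("Unmatched quote");
      continue;
    }
    if (c === "\\") {
      // Bare backslash escapes the next character; a trailing one is kept literally.
      if (i + 1 < n) { field += line[i + 1]; i += 2; } else { field += c; i++; }
      continue;
    }
    field += c;
    i++;
  }
  if (inWord) words.push(field);
  return words;
}

// Constructed sample inputs: the PoC shape from this report and a mixed quoting case.
const poc = "\n" + " ".repeat(100000);
console.log(splitLinear(poc));                        // []
console.log(splitLinear("a \"b c\" 'd e' f\\ g"));    // [ 'a', 'b c', 'd e', 'f g' ]
```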