CWE-185
Allowed-with-ReviewIncorrect Regular Expression
Abstraction: Class · Status: Draft
The product specifies a regular expression in a way that causes data to be improperly matched or compared.
70 vulnerabilities reference this CWE, most recent first.
GHSA-93PH-P7V4-HWH4
Vulnerability from github – Published: 2026-02-09 17:19 – Updated: 2026-02-09 22:38Summary
AllowedHosts host validation can be bypassed because configured host patterns are turned into regular expressions without escaping regex metacharacters (notably .). A configured allowlist entry like example.com can match exampleXcom
Details
In litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . matches any character). This enables a bypass where an attacker supplies a host that matches the regex but is not the intended literal hostname.
PoC
Server (poc_allowed_hosts_server.py)
from litestar import Litestar, get
from litestar.middleware.allowed_hosts import AllowedHostsConfig
@get("/")
async def index() -> str:
return "ok"
config = AllowedHostsConfig(allowed_hosts=["example.com"])
app = Litestar([index], allowed_hosts_config=config)
uvicorn poc_allowed_hosts_server:app --host 127.0.0.1 --port 8001
Client (poc_allowed_hosts_client.py)
import http.client
def req(host_header: str) -> tuple[int, bytes]:
c = http.client.HTTPConnection("127.0.0.1", 8001, timeout=3)
c.request("GET", "/", headers={"Host": host_header})
r = c.getresponse()
body = r.read()
c.close()
return r.status, body
print("evil.com:", *req("evil.com"))
print("exampleXcom:", *req("exampleXcom"))
Expected (vulnerable behavior): Host: evil.com → 400 invalid host
Host: exampleXcom → 200 ok (bypass)
Impact
Type: security control bypass (host allowlist) Who is impacted: apps relying on AllowedHosts to prevent Host header attacks (cache poisoning, absolute URL construction abuse, password reset link poisoning, etc.). The downstream impact depends on app behavior, but the bypass defeats a core mitigation layer.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "litestar"
},
"ranges": [
{
"events": [
{
"introduced": "2.19.0"
},
{
"fixed": "2.20.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.19.0"
]
}
],
"aliases": [
"CVE-2026-25479"
],
"database_specific": {
"cwe_ids": [
"CWE-185"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-09T17:19:00Z",
"nvd_published_at": "2026-02-09T20:15:57Z",
"severity": "MODERATE"
},
"details": "### Summary\nAllowedHosts host validation can be bypassed because configured host patterns are turned into regular expressions without escaping regex metacharacters (notably .). A configured allowlist entry like example.com can match exampleXcom\n\n### Details\nIn litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . matches any character). This enables a bypass where an attacker supplies a host that matches the regex but is not the intended literal hostname.\n\n### PoC\nServer (poc_allowed_hosts_server.py)\n\n```\nfrom litestar import Litestar, get\nfrom litestar.middleware.allowed_hosts import AllowedHostsConfig\n\n@get(\"/\")\nasync def index() -\u003e str:\n return \"ok\"\n\nconfig = AllowedHostsConfig(allowed_hosts=[\"example.com\"])\napp = Litestar([index], allowed_hosts_config=config)\n```\n\n`uvicorn poc_allowed_hosts_server:app --host 127.0.0.1 --port 8001`\n\nClient (poc_allowed_hosts_client.py)\n\n```\nimport http.client\n\ndef req(host_header: str) -\u003e tuple[int, bytes]:\n c = http.client.HTTPConnection(\"127.0.0.1\", 8001, timeout=3)\n c.request(\"GET\", \"/\", headers={\"Host\": host_header})\n r = c.getresponse()\n body = r.read()\n c.close()\n return r.status, body\n\nprint(\"evil.com:\", *req(\"evil.com\"))\nprint(\"exampleXcom:\", *req(\"exampleXcom\"))\n```\n\nExpected (vulnerable behavior):\nHost: evil.com \u2192 400 invalid host\n\nHost: exampleXcom \u2192 200 ok (bypass)\n\n### Impact\nType: security control bypass (host allowlist)\nWho is impacted: apps relying on AllowedHosts to prevent Host header attacks (cache poisoning, absolute URL construction abuse, password reset link poisoning, etc.). The downstream impact depends on app behavior, but the bypass defeats a core mitigation layer.",
"id": "GHSA-93ph-p7v4-hwh4",
"modified": "2026-02-09T22:38:10Z",
"published": "2026-02-09T17:19:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/litestar-org/litestar/security/advisories/GHSA-93ph-p7v4-hwh4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25479"
},
{
"type": "WEB",
"url": "https://github.com/litestar-org/litestar/commit/06b36f481d1bfea6f19995cfb4f203aba45c4ace"
},
{
"type": "WEB",
"url": "https://docs.litestar.dev/2/release-notes/changelog.html#2.20.0"
},
{
"type": "PACKAGE",
"url": "https://github.com/litestar-org/litestar"
},
{
"type": "WEB",
"url": "https://github.com/litestar-org/litestar/releases/tag/v2.20.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Litestar\u0027s AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns"
}
GHSA-9GCG-W975-3RJH
Vulnerability from github – Published: 2026-04-16 20:44 – Updated: 2026-04-16 20:44Impact
The serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots (.) as a regular expression matcher. Because . is a valid character in a service account name, an AuthorizationPolicy ALLOW rule targeting SA e.g. cert-manager.io also matches cert-manager-io, cert-managerXio, etc. A DENY rule targeting the same name fails to block those variants.
Patches
Fixes are available in 1.29.2, 1.28.6, and 1.27.9
Workarounds
None
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "istio.io/istio"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-20241024090207-0bf27d49ba4b"
},
{
"fixed": "0.0.0-20260403004500-692e460c342d"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-39350"
],
"database_specific": {
"cwe_ids": [
"CWE-185"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-16T20:44:46Z",
"nvd_published_at": "2026-04-15T23:16:09Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe `serviceAccounts` and `notServiceAccounts` fields in AuthorizationPolicy incorrectly interpret dots (`.`) as a regular expression matcher. Because `.` is a valid character in a service account name, an `AuthorizationPolicy` ALLOW rule targeting SA e.g. `cert-manager.io` also matches `cert-manager-io`, `cert-managerXio`, etc. A DENY rule targeting the same name fails to block those variants.\n\n### Patches\nFixes are available in 1.29.2, 1.28.6, and 1.27.9\n\n### Workarounds\nNone",
"id": "GHSA-9gcg-w975-3rjh",
"modified": "2026-04-16T20:44:46Z",
"published": "2026-04-16T20:44:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/istio/istio/security/advisories/GHSA-9gcg-w975-3rjh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39350"
},
{
"type": "WEB",
"url": "https://github.com/istio/istio/commit/692e460c342d8f308a35b6ecbdace47807da8ade"
},
{
"type": "PACKAGE",
"url": "https://github.com/istio/istio"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots"
}
GHSA-9PQ7-RCXV-47VQ
Vulnerability from github – Published: 2021-07-14 19:10 – Updated: 2021-07-15 20:24RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 106.11.7"
},
"package": {
"ecosystem": "NuGet",
"name": "RestSharp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "106.11.8-alpha.0.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-27293"
],
"database_specific": {
"cwe_ids": [
"CWE-185",
"CWE-697"
],
"github_reviewed": true,
"github_reviewed_at": "2021-07-13T21:24:43Z",
"nvd_published_at": "2021-07-12T11:15:00Z",
"severity": "HIGH"
},
"details": "RestSharp \u003c 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.",
"id": "GHSA-9pq7-rcxv-47vq",
"modified": "2021-07-15T20:24:43Z",
"published": "2021-07-14T19:10:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27293"
},
{
"type": "WEB",
"url": "https://github.com/restsharp/RestSharp/issues/1556"
},
{
"type": "WEB",
"url": "https://github.com/restsharp/RestSharp/commit/be39346784b68048b230790d15333574341143bc"
},
{
"type": "WEB",
"url": "https://restsharp.dev"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Incorrect Regular Expression in RestSharp"
}
GHSA-FX7M-J728-MJW3
Vulnerability from github – Published: 2019-03-06 17:35 – Updated: 2023-01-23 17:07An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "uap-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-20164"
],
"database_specific": {
"cwe_ids": [
"CWE-185"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:35:45Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.)",
"id": "GHSA-fx7m-j728-mjw3",
"modified": "2023-01-23T17:07:55Z",
"published": "2019-03-06T17:35:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20164"
},
{
"type": "WEB",
"url": "https://github.com/ua-parser/uap-core/issues/332"
},
{
"type": "WEB",
"url": "https://github.com/ua-parser/uap-core/commit/010ccdc7303546cd22b9da687c29f4a996990014"
},
{
"type": "WEB",
"url": "https://github.com/ua-parser/uap-core/commit/156f7e12b215bddbaf3df4514c399d683e6cdadc"
},
{
"type": "PACKAGE",
"url": "https://github.com/ua-parser/uap-core"
},
{
"type": "WEB",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-009-uaparser"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "uap-core Regular Expression Denial of Service issue"
}
GHSA-G95F-P29Q-9XW4
Vulnerability from github – Published: 2019-06-06 15:30 – Updated: 2026-02-03 17:47Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references.
Original Description
Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.
Recommendation
Upgrade to version 2.3.1 or higher.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "braces"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-185",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2019-06-06T09:40:51Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references.\n\n## Original Description\nVersions of `braces` prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 2.3.1 or higher.",
"id": "GHSA-g95f-p29q-9xw4",
"modified": "2026-02-03T17:47:36Z",
"published": "2019-06-06T15:30:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/npm:braces:20180219"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/786"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Regular Expression Denial of Service in braces",
"withdrawn": "2026-02-03T17:47:36Z"
}
GHSA-HH8V-HGVP-G3F5
Vulnerability from github – Published: 2026-03-19 19:04 – Updated: 2026-03-27 21:58Impact
The DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain.
This enables two attack vectors:
- SSRF: The
OscaroteroEmbedAdaptermakes server-side HTTP requests to the embed URL via theembed/embedlibrary. A bypassed domain filter causes the server to make outbound requests to an attacker-controlled host, potentially probing internal services or exfiltrating request metadata. - XSS:
EmbedRendereroutputs the oEmbed response HTML directly into the page with no sanitization. An attacker controlling the bypassed domain can return arbitrary HTML/JavaScript in their oEmbed response, which is rendered verbatim.
Any application using the Embed extension and relying on allowed_domains to restrict domains when processing untrusted Markdown input is affected.
Patches
This has been patched in version 2.8.2. The fix replaces the regex-based domain check with explicit hostname parsing using parse_url(), ensuring exact domain and subdomain matching only.
Workarounds
- Disable the
Embedextension, or restrict its use to trusted users - Provide your own domain-filtering implementation of
EmbedAdapterInterface - Enable a Content Security Policy (CSP) and outbound firewall restrictions
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.8.1"
},
"package": {
"ecosystem": "Packagist",
"name": "league/commonmark"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.8.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33347"
],
"database_specific": {
"cwe_ids": [
"CWE-185",
"CWE-79",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-19T19:04:24Z",
"nvd_published_at": "2026-03-24T20:16:29Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThe `DomainFilteringAdapter` in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like `youtube.com.evil` passes the allowlist check when `youtube.com` is an allowed domain.\n\nThis enables two attack vectors:\n\n- **SSRF**: The `OscaroteroEmbedAdapter` makes server-side HTTP requests to the embed URL via the `embed/embed` library. A bypassed domain filter causes the server to make outbound requests to an attacker-controlled host, potentially probing internal services or exfiltrating request metadata.\n- **XSS**: `EmbedRenderer` outputs the oEmbed response HTML directly into the page with no sanitization. An attacker controlling the bypassed domain can return arbitrary HTML/JavaScript in their oEmbed response, which is rendered verbatim.\n\nAny application using the `Embed` extension and relying on `allowed_domains` to restrict domains when processing untrusted Markdown input is affected.\n\n### Patches\n\nThis has been patched in version **2.8.2**. The fix replaces the regex-based domain check with explicit hostname parsing using `parse_url()`, ensuring exact domain and subdomain matching only.\n\n### Workarounds\n\n- Disable the `Embed` extension, or restrict its use to trusted users\n- Provide your own domain-filtering implementation of `EmbedAdapterInterface`\n- Enable a [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) and outbound firewall restrictions",
"id": "GHSA-hh8v-hgvp-g3f5",
"modified": "2026-03-27T21:58:03Z",
"published": "2026-03-19T19:04:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/thephpleague/commonmark/security/advisories/GHSA-hh8v-hgvp-g3f5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33347"
},
{
"type": "WEB",
"url": "https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b"
},
{
"type": "PACKAGE",
"url": "https://github.com/thephpleague/commonmark"
},
{
"type": "WEB",
"url": "https://github.com/thephpleague/commonmark/releases/tag/2.8.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "league/commonmark has an embed extension allowed_domains bypass"
}
GHSA-J45J-W7QV-7R59
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2022-05-24 16:44An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.
{
"affected": [],
"aliases": [
"CVE-2019-11388"
],
"database_specific": {
"cwe_ids": [
"CWE-185",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-21T02:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.",
"id": "GHSA-j45j-w7qv-7r59",
"modified": "2022-05-24T16:44:03Z",
"published": "2022-05-24T16:44:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11388"
},
{
"type": "WEB",
"url": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1354"
},
{
"type": "WEB",
"url": "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1372"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-JCCR-RRW2-VC8H
Vulnerability from github – Published: 2026-03-31 23:56 – Updated: 2026-04-08 11:58Summary
The jq safe-bin policy blocked explicit env usage but still allowed jq programs that accessed environment data through $ENV.
Impact
An operator-approved safe-bin jq command could disclose environment variables that the safe-bin policy was supposed to keep out of scope.
Affected Component
src/infra/exec-safe-bin-semantics.ts
Fixed Versions
- Affected:
<= 2026.3.24 - Patched:
>= 2026.3.28 - Latest stable
2026.3.28contains the fix.
Fix
Fixed by commit 78e2f3d66d (Exec: tighten jq safe-bin env checks).
Thanks @nicky-cc of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.3.24"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.3.28"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-185",
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-31T23:56:13Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\nThe jq safe-bin policy blocked explicit `env` usage but still allowed jq programs that accessed environment data through `$ENV`.\n\n## Impact\n\nAn operator-approved safe-bin jq command could disclose environment variables that the safe-bin policy was supposed to keep out of scope.\n\n## Affected Component\n\n`src/infra/exec-safe-bin-semantics.ts`\n\n## Fixed Versions\n\n- Affected: `\u003c= 2026.3.24`\n- Patched: `\u003e= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `78e2f3d66d` (`Exec: tighten jq safe-bin env checks`).\n\nThanks @nicky-cc of Tencent zhuque Lab ([https://github.com/Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard)) for reporting.",
"id": "GHSA-jccr-rrw2-vc8h",
"modified": "2026-04-08T11:58:00Z",
"published": "2026-03-31T23:56:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jccr-rrw2-vc8h"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/78e2f3d66d74e5c7e6f45c54162e63986e39771b"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure"
}
GHSA-M7JM-9GC2-MPF2
Vulnerability from github – Published: 2026-02-20 18:23 – Updated: 2026-02-27 16:51Entity encoding bypass via regex injection in DOCTYPE entity names
Summary
A dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (<, >, &, ", ') with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered.
Details
The fix for CVE-2023-34104 addressed some regex metacharacters in entity names but missed . (period), which is valid in XML names per the W3C spec.
In DocTypeReader.js, entity names are passed directly to RegExp():
entities[entityName] = {
regx: RegExp(`&${entityName};`, "g"),
val: val
};
An entity named l. produces the regex /&l.;/g where . matches any character, including the t in <. Since DOCTYPE entities are replaced before built-in entities, this shadows < entirely.
The same issue exists in OrderedObjParser.js:81 (addExternalEntities), and in the v6 codebase - EntitiesParser.js has a validateEntityName function with a character blacklist, but . is not included:
// v6 EntitiesParser.js line 96
const specialChar = "!?\\/[]$%{}^&*()<>|+"; // no dot
Shadowing all 5 built-in entities
| Entity name | Regex created | Shadows |
|---|---|---|
l. |
/&l.;/g |
< |
g. |
/&g.;/g |
> |
am. |
/&am.;/g |
& |
quo. |
/&quo.;/g |
" |
apo. |
/&apo.;/g |
' |
PoC
const { XMLParser } = require("fast-xml-parser");
const xml = `<?xml version="1.0"?>
<!DOCTYPE foo [
<!ENTITY l. "<img src=x onerror=alert(1)>">
]>
<root>
<text>Hello <b>World</b></text>
</root>`;
const result = new XMLParser().parse(xml);
console.log(result.root.text);
// Hello <img src=x onerror=alert(1)>b>World<img src=x onerror=alert(1)>/b>
No special parser options needed - processEntities: true is the default.
When an app renders result.root.text in a page (e.g. innerHTML, template interpolation, SSR), the injected <img onerror> fires.
& can be shadowed too:
const xml2 = `<?xml version="1.0"?>
<!DOCTYPE foo [
<!ENTITY am. "'; DROP TABLE users;--">
]>
<root>SELECT * FROM t WHERE name='O&Brien'</root>`;
const r = new XMLParser().parse(xml2);
console.log(r.root);
// SELECT * FROM t WHERE name='O'; DROP TABLE users;--Brien'
Impact
This is a complete bypass of XML entity encoding. Any application that parses untrusted XML and uses the output in HTML, SQL, or other injection-sensitive contexts is affected.
- Default config, no special options
- Attacker can replace any
</>/&/"/'with arbitrary strings - Direct XSS vector when parsed XML content is rendered in a page
- v5 and v6 both affected
Suggested fix
Escape regex metacharacters before constructing the replacement regex:
const escaped = entityName.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
entities[entityName] = {
regx: RegExp(`&${escaped};`, "g"),
val: val
};
For v6, add . to the blacklist in validateEntityName:
const specialChar = "!?\\/[].{}^&*()<>|+";
Severity
CWE-185 (Incorrect Regular Expression)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N - 9.3 (CRITICAL)
Entity decoding is a fundamental trust boundary in XML processing. This completely undermines it with no preconditions.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "fast-xml-parser"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.3.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "fast-xml-parser"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.3"
},
{
"fixed": "4.5.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25896"
],
"database_specific": {
"cwe_ids": [
"CWE-185"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-20T18:23:54Z",
"nvd_published_at": "2026-02-20T21:19:27Z",
"severity": "CRITICAL"
},
"details": "# Entity encoding bypass via regex injection in DOCTYPE entity names\n\n## Summary\n\nA dot (`.`) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (`\u0026lt;`, `\u0026gt;`, `\u0026amp;`, `\u0026quot;`, `\u0026apos;`) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered.\n\n## Details\n\nThe fix for CVE-2023-34104 addressed some regex metacharacters in entity names but missed `.` (period), which is valid in XML names per the W3C spec.\n\nIn `DocTypeReader.js`, entity names are passed directly to `RegExp()`:\n\n```js\nentities[entityName] = {\n regx: RegExp(`\u0026${entityName};`, \"g\"),\n val: val\n};\n```\n\nAn entity named `l.` produces the regex `/\u0026l.;/g` where `.` matches **any character**, including the `t` in `\u0026lt;`. Since DOCTYPE entities are replaced before built-in entities, this shadows `\u0026lt;` entirely.\n\nThe same issue exists in `OrderedObjParser.js:81` (`addExternalEntities`), and in the v6 codebase - `EntitiesParser.js` has a `validateEntityName` function with a character blacklist, but `.` is not included:\n\n```js\n// v6 EntitiesParser.js line 96\nconst specialChar = \"!?\\\\/[]$%{}^\u0026*()\u003c\u003e|+\"; // no dot\n```\n\n## Shadowing all 5 built-in entities\n\n| Entity name | Regex created | Shadows |\n|---|---|---|\n| `l.` | `/\u0026l.;/g` | `\u0026lt;` |\n| `g.` | `/\u0026g.;/g` | `\u0026gt;` |\n| `am.` | `/\u0026am.;/g` | `\u0026amp;` |\n| `quo.` | `/\u0026quo.;/g` | `\u0026quot;` |\n| `apo.` | `/\u0026apo.;/g` | `\u0026apos;` |\n\n## PoC\n\n```js\nconst { XMLParser } = require(\"fast-xml-parser\");\n\nconst xml = `\u003c?xml version=\"1.0\"?\u003e\n\u003c!DOCTYPE foo [\n \u003c!ENTITY l. \"\u003cimg src=x onerror=alert(1)\u003e\"\u003e\n]\u003e\n\u003croot\u003e\n \u003ctext\u003eHello \u0026lt;b\u0026gt;World\u0026lt;/b\u0026gt;\u003c/text\u003e\n\u003c/root\u003e`;\n\nconst result = new XMLParser().parse(xml);\nconsole.log(result.root.text);\n// Hello \u003cimg src=x onerror=alert(1)\u003eb\u003eWorld\u003cimg src=x onerror=alert(1)\u003e/b\u003e\n```\n\nNo special parser options needed - `processEntities: true` is the default.\n\nWhen an app renders `result.root.text` in a page (e.g. `innerHTML`, template interpolation, SSR), the injected `\u003cimg onerror\u003e` fires.\n\n`\u0026amp;` can be shadowed too:\n\n```js\nconst xml2 = `\u003c?xml version=\"1.0\"?\u003e\n\u003c!DOCTYPE foo [\n \u003c!ENTITY am. \"\u0027; DROP TABLE users;--\"\u003e\n]\u003e\n\u003croot\u003eSELECT * FROM t WHERE name=\u0027O\u0026amp;Brien\u0027\u003c/root\u003e`;\n\nconst r = new XMLParser().parse(xml2);\nconsole.log(r.root);\n// SELECT * FROM t WHERE name=\u0027O\u0027; DROP TABLE users;--Brien\u0027\n```\n\n## Impact\n\nThis is a complete bypass of XML entity encoding. Any application that parses untrusted XML and uses the output in HTML, SQL, or other injection-sensitive contexts is affected.\n\n- Default config, no special options\n- Attacker can replace any `\u0026lt;` / `\u0026gt;` / `\u0026amp;` / `\u0026quot;` / `\u0026apos;` with arbitrary strings\n- Direct XSS vector when parsed XML content is rendered in a page\n- v5 and v6 both affected\n\n## Suggested fix\n\nEscape regex metacharacters before constructing the replacement regex:\n\n```js\nconst escaped = entityName.replace(/[.*+?^${}()|[\\]\\\\]/g, \u0027\\\\$\u0026\u0027);\nentities[entityName] = {\n regx: RegExp(`\u0026${escaped};`, \"g\"),\n val: val\n};\n```\n\nFor v6, add `.` to the blacklist in `validateEntityName`:\n\n```js\nconst specialChar = \"!?\\\\/[].{}^\u0026*()\u003c\u003e|+\";\n```\n\n## Severity\n\n**CWE-185** (Incorrect Regular Expression)\n\n**CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N - 9.3 (CRITICAL)**\n\nEntity decoding is a fundamental trust boundary in XML processing. This completely undermines it with no preconditions.",
"id": "GHSA-m7jm-9gc2-mpf2",
"modified": "2026-02-27T16:51:58Z",
"published": "2026-02-20T18:23:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25896"
},
{
"type": "WEB",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e"
},
{
"type": "WEB",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69"
},
{
"type": "PACKAGE",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser"
},
{
"type": "WEB",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names"
}
GHSA-MCP7-23P7-2V34
Vulnerability from github – Published: 2026-04-22 00:31 – Updated: 2026-04-29 15:30An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when clicked by a victim, would redirect the OAuth authorization code to an attacker-controlled domain. This could allow the attacker to gain unauthorized access to the victim's account with the scopes granted to the OAuth application. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.
{
"affected": [],
"aliases": [
"CVE-2026-4296"
],
"database_specific": {
"cwe_ids": [
"CWE-185"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-21T23:16:21Z",
"severity": "HIGH"
},
"details": "An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application\u0027s registered callback URL could craft a malicious authorization link that, when clicked by a victim, would redirect the OAuth authorization code to an attacker-controlled domain. This could allow the attacker to gain unauthorized access to the victim\u0027s account with the scopes granted to the OAuth application. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.",
"id": "GHSA-mcp7-23p7-2v34",
"modified": "2026-04-29T15:30:37Z",
"published": "2026-04-22T00:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4296"
},
{
"type": "WEB",
"url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26"
},
{
"type": "WEB",
"url": "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21"
},
{
"type": "WEB",
"url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17"
},
{
"type": "WEB",
"url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14"
},
{
"type": "WEB",
"url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8"
},
{
"type": "WEB",
"url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5"
},
{
"type": "WEB",
"url": "https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-45
Strategy: Refactoring
Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject the regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor the regular expression.
CAPEC-15: Command Delimiters
An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
CAPEC-6: Argument Injection
An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.
CAPEC-79: Using Slashes in Alternate Encoding
This attack targets the encoding of the Slash characters. An adversary would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the adversary many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.