{"schema_version": "1.6.1", "id": "CVE-2021-33580", "summary": "regex injection leading to DoS", "details": "User controlled `request.getHeader(\"Referer\")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression.\n\nThe attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side.  This problem has been fixed in Roller 6.0.2.\n\n\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache Roller"}, {"fixed": "6.0.2"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E"}]}