Java: Regex injection

Query

Relevant PR: github/codeql#5704

CVE ID(s)

• CVE-2021-29506
  graphhopper: Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.
• CVE-2021-33580
  Apache Roller: regex injection leading to DoS.
• CVE-2021-37262
  jflyfox/jfinal_cms: regex injection
  After unsuccessful attempts to contact the maintainer by email and asking in the repo I have created a public issue. When it didn't help I have created a pull request that was merged. The maintainer neither created an advisory nor requested a CVE.
• CVE-2021-38244
  cbioportal: regex injection
  Similar story trying to contact maintainers. Issue. Pull request. Fixed in https://github.com/cBioPortal/cbioportal/releases/tag/v3.6.22

[ghsecuritylab]

Your submission is now in status Generate Query Results.

For information, the evaluation workflow is the following:
SecLab review > Generate Query Results > FP Check > CodeQL review > SecLab finalize > Pay > Closed

[ghsecuritylab]

Your submission is now in status FP Check.

For information, the evaluation workflow is the following:
SecLab review > Generate Query Results > FP Check > CodeQL review > SecLab finalize > Pay > Closed

[ghsecuritylab]

Your submission is now in status CodeQL review.

For information, the evaluation workflow is the following:
SecLab review > Generate Query Results > FP Check > CodeQL review > SecLab finalize > Pay > Closed

[ghsecuritylab]

Your submission is now in status SecLab finalize.

For information, the evaluation workflow is the following:
SecLab review > Generate Query Results > FP Check > CodeQL review > SecLab finalize > Pay > Closed

[kevinbackhouse]

@edvraa: I think you did the right thing requesting the CVEs from Mitre. In my experience, you sometimes have to wait a little while for them to assign the CVE, so I would recommend giving them another month or so. Please @ me on this issue when the CVEs are assigned, so that we can pay the bounty.

At last Mitre has assigned CVEs!

[ghsecuritylab]

Your submission is now in status Pay.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

[xcorail]

Created Hackerone report 1443028 for bounty 359732 : [423] Java: Regex injection

[ghsecuritylab]

Your submission is now in status Closed.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed