Our third example vulnerability is with the
ms npm package. This is a module that allows easy conversion of various time formats into milliseconds. The issue here is that we are using
email@example.com and this has a Regular Expression Denial of Service (ReDos) vulnerability.
What this package allows us to do is to take a string input and parse into milliseconds which our application will then use to send a reminder. For example:
To demonstrate this vulnerability, we will move to the terminal. Let's run the following command against our application:
echo 'content=Reboot server in 20 minutes' | http --form $GOOF_HOST/create -v