CVE-2018-7560: AWS Lambda parser is vulnerable to Regular Expression Denial of Service

CVSS Score: 7.5 (v3.1)

Basic Information

EPSS Score: 0.55713%
Published: 3/5/2018
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name: aws-lambda-multipart-parser
Ecosystem: npm
Vulnerable Versions: < 0.1.2
First Patched Version: 0.1.2

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from the line `.split(new RegExp(boundary))` in the `parse` function. The boundary value is extracted directly from the HTTP request headers without sanitization, and converting it to a `RegExp` object enables ReDoS attacks via malicious boundary patterns. The patch replaces `new RegExp(boundary)` with a direct string split (`split(boundary)`), confirming this was the vulnerable code path. The `parse` function is the entry point for processing untrusted input and directly performs the dangerous regex construction.
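The regex split and the literal split named above, side by side, as an added example that is not the package's own code. The function names and sample body are constructed, and the RFC 2046 boundary check is an assumed extra hardening step that this page does not describe.

```javascript
// Added example: names and sample data below are constructed for illustration.

// Pre-patch pattern: the header-supplied boundary is compiled as a regex, so
// every metacharacter in it is interpreted instead of matched literally.
function splitPartsVulnerable(body, boundary) {
  return body.split(new RegExp(boundary));
}

// Patched pattern: the boundary is only ever a literal delimiter.
function splitPartsPatched(body, boundary) {
  return body.split(boundary);
}

// Assumed extra hardening: RFC 2046 limits a boundary to 1-70 characters from
// a fixed set, not ending in a space. That set still contains ( ) + . ?, so
// validation bounds the input but does not replace the literal split.
const RFC2046_BOUNDARY = /^[0-9A-Za-z'()+_,\-.\/:=? ]{0,69}[0-9A-Za-z'()+_,\-.\/:=?]$/;

function extractBoundary(contentType) {
  const m = /;\s*boundary=(?:"([^"]+)"|([^;\s]+))/i.exec(contentType || '');
  if (!m) return null;
  const boundary = m[1] !== undefined ? m[1] : m[2];
  return RFC2046_BOUNDARY.test(boundary) ? boundary : null;
}

function parseHardened(body, contentType) {
  const boundary = extractBoundary(contentType);
  if (boundary === null) throw new Error('invalid multipart boundary');
  return splitPartsPatched(body, '--' + boundary);
}

// Constructed sample: the boundary "b.1" is RFC-valid, and the first part
// happens to contain "bx1", which only the regex form treats as a delimiter.
const SAMPLE_TYPE = 'multipart/form-data; boundary=b.1';
const SAMPLE_BODY = '--b.1\r\npart-one bx1 data\r\n--b.1\r\npart-two\r\n--b.1--';

console.log(splitPartsVulnerable(SAMPLE_BODY, 'b.1').length); // 5
console.log(splitPartsPatched(SAMPLE_BODY, 'b.1').length);    // 4
console.log(parseHardened(SAMPLE_BODY, SAMPLE_TYPE).length);  // 4
```

The differing piece counts show the header value being executed as a pattern in the pre-patch form, which is the behaviour the patch removes.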

WAF Protection Rules

WAF Rule

index.js in the aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string.
