CVE-2022-4891: Sisimai Inefficient Regular Expression Complexity vulnerability

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.28457%
Published: 1/17/2023
Updated: 3/1/2024
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| sisimai | rubygems | < 4.25.14p12 | 4.25.14p12 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from two regex patterns in the `to_plain` method:

  1. `%r|<head>.+</head>|im` - The greedy `.+` between the `<head>` tags causes excessive backtracking on malformed/nested content.
  2. `%r|<style.+?>.+</style>|im` - The outer `.+?` and inner `.+` create ambiguity in matching style tag boundaries.

The patch replaced these with non-greedy quantifiers (`.*?`), confirming the root cause. The CWE-1333 classification and exploit example further validate the regex inefficiency in this specific function.
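As an added illustration (not Sisimai's code and not the project's patch), the Ruby below sets the two patterns quoted above beside assumed lazy forms and a regex-free scanner that cannot backtrack. The names `strip_blocks`, `strip_linear`, `strip_head_and_style` and `SAMPLE` are hypothetical, and the sample HTML is constructed.

```ruby
# Added example, not Sisimai's code. VULNERABLE is quoted from the advisory;
# PATCHED is an assumed reading of "replaced with non-greedy quantifiers".
VULNERABLE = [%r|<head>.+</head>|im, %r|<style.+?>.+</style>|im].freeze
PATCHED    = [%r|<head>.*?</head>|im, %r|<style.*?>.*?</style>|im].freeze

# Apply a pattern set the way an HTML-to-text filter would (hypothetical helper).
def strip_blocks(html, patterns)
  patterns.reduce(html) { |text, re| text.gsub(re, '') }
end

# Regex-free removal of open...close blocks. No String#index call restarts
# before the previous match, so total work is linear in the input size and
# an unclosed block ends the scan instead of triggering rescans.
def strip_linear(html, open_tok, close_tok)
  lower = html.downcase(:ascii)   # ASCII-only folding keeps offsets aligned
  out = +''
  pos = 0
  while (open_at = lower.index(open_tok, pos))
    close_at = lower.index(close_tok, open_at + open_tok.length)
    break unless close_at         # no closing tag anywhere after this point
    out << html[pos...open_at]
    pos = close_at + close_tok.length
  end
  out << html[pos..-1]
end

# Remove <head> blocks first, then <style> blocks, as the two patterns do.
def strip_head_and_style(html)
  strip_linear(strip_linear(html, '<head>', '</head>'), '<style', '</style>')
end

# Constructed sample: one <head> block and two <style> blocks around text "A".
SAMPLE = '<html><head><title>t</title></head><body>' \
         '<style type="text/css">p{}</style>A' \
         '<STYLE media="x">b{}</STYLE>B</body></html>'

if __FILE__ == $PROGRAM_NAME
  puts strip_blocks(SAMPLE, VULNERABLE)  # greedy .+ also deletes the text "A"
  puts strip_blocks(SAMPLE, PATCHED)
  puts strip_head_and_style(SAMPLE)
end
```

On well-formed blocks the scanner and the lazy patterns produce the same output, while the greedy `.+` spans from the first `<style` to the last `</style>` and removes the body text between them.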
