Incorrect Regular Expression

CWE-185

Overtime trend (NVD)

CVSS severity (NVD, All Time)

Per technology (GHSA, All time)

41%-Pip
35%-NPM
11%-Go
11%-Others

Short description

The product specifies a regular expression in a way that causes data to be improperly matched or compared.

Extended description

When the regular expression is used in protection mechanisms such as filtering or validation, this may allow an attacker to bypass the intended restrictions on the incoming data.

Best practices to prevent this CWE

Phase: Architecture and Design

Strategy: Refactoring

Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject the regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor the regular expression.

Recently published CVEs

CVE-2024-2223
CVE-2020-1741
CVE-2019-14993
CVE-2019-12798
CVE-2018-20801

Recently published GHSA

GHSA-7v9p-34r2-q668
GHSA-qcvw-82hh-gq38
GHSA-prcq-52f8-fp44
GHSA-9pq7-rcxv-47vq
GHSA-qvjc-g5vr-mfgr

Prioritize and Uncover Reachable Vulnerabilities in Your Application Code

Identify externally reachable data flows and vulnerabilities for effective risk mitigation

Get a Demo