  • SocketIO / EngineIO DoS

    May 2020
    Quite a while ago, I reported an application Denial of Service vulnerability in the Socket.IO / Engine.IO parser implementations in Node.js and Python. A single HTTP POST request can cause extreme CPU and memory usage, but in Node.js, a single HTTP POST request can even kill the server with a JavaScript heap out of memory fatal error…
  • User-agent parsing REDoS (CVE‑2020‑5243)

    February 2020
    Due to my research into Regular Expression Denial-of-Service (REDoS), I found and (after bug bounties) finally publicly reported CVE-2020-5243 in uap-core. Dependent packages uap-python, uap-ruby, etc. are/were vulnerable…
  • Two REDoS vulns in cpython

    November 2019
    I ran my top-secret REDoS-finding engine over the Python code in CPython and found two remotely-exploitable vulnerabilities. Making a request to a malicious web server leads to denial of service (approximately infinite CPU time)…
  • Apache Zeppelin Vulnerability + Metasploit

    May 2019
    Apache Zeppelin is a “Web-based notebook that enables data-driven, interactive data analytics and collaborative documents…” which is very similar to Jupyter notebook. Notebook servers offer polyglot Remote Code Execution (RCE) by design, so gaining access to one would make pwning the entire Hadoop cluster and all its data fairly simple…

[blog by caller] Correspondence welcome at ℬ㏒ {@} ㎈ℓℯℛ.ⓧⓨℤ