8 lines
376 B
Plaintext
8 lines
376 B
Plaintext
Regular expression injections occur when the application retrieves
|
|
untrusted data and uses it as a regex to pattern match a string with it.
|
|
|
|
Most regular expression search engines use _backtracking_ to try all possible
|
|
regex execution paths when evaluating an input. Sometimes this can lead to
|
|
performance problems also referred to as _catastrophic backtracking_ situations.
|
|
|