SYM_RB_0071 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Incorrect Regular Expression
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-185: Incorrect Regular Expression |
OWASP | A05:2017 - Broken Access Control |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The code uses format validations with regular expressions that do not explicitly anchor the start (\A) and end (\Z) of the input. This means partial or unintended matches can slip through, allowing invalid or malicious input to be accepted.
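The difference in plain Ruby, as an added example that is not part of the rule's own source: the same username pattern is applied with no anchors, with `^`/`$`, with the `\A`/`\Z` anchors named above, and with `\A`/`\z`. The `^`/`$` and `\z` variants go beyond the case described here; the patterns, the `accepts?` and `report` helpers, and the sample inputs are all constructed for illustration.

```ruby
# Added example: patterns, helpers and inputs are constructed, not from the rule.
PATTERNS = {
  unanchored: /[a-z0-9_]{3,16}/,      # matches any qualifying substring
  line:       /^[a-z0-9_]{3,16}$/,    # ^ and $ anchor to a line, not the string
  string:     /\A[a-z0-9_]{3,16}\Z/,  # anchors named in this rule
  strict:     /\A[a-z0-9_]{3,16}\z/   # \z also rejects a trailing newline
}.freeze

# Constructed sample inputs a format validation might receive.
SAMPLES = [
  "alice_01",               # well-formed value
  "alice_01 !!",            # valid prefix followed by disallowed characters
  "alice_01\nsecond line",  # valid first line, extra content after a newline
  "alice_01\n"              # valid value with one trailing newline
].freeze

# True when the validation pattern would accept the input.
def accepts?(pattern, input)
  pattern.match?(input)
end

# Maps every sample to the verdict of each pattern.
def report
  SAMPLES.to_h do |input|
    [input, PATTERNS.transform_values { |re| accepts?(re, input) }]
  end
end

if __FILE__ == $PROGRAM_NAME
  report.each do |input, verdicts|
    puts format("%-26s %s", input.inspect, verdicts)
  end
end
```

Only the `\A`-anchored patterns reject the multi-line input, and only `\z` rejects the trailing newline, because `\Z` matches before a final newline as well as at the end of the string.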
Impact
Attackers could bypass input validation by crafting payloads that only partially match the intended pattern, potentially leading to security issues such as unauthorized access, account creation with invalid data, or injection attacks. This weakens the reliability of input checks and may expose sensitive functionality or data.