The parameter q of WS api/rules/repositories is executed as a regexp, without being escaped. It leads to two vulnerabilities:
- log flooding if value is not a valid regexp, for example q=%5B
- resource pressure
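The difference between compiling q as-is and escaping it first, as an added example that is not SonarQube's own code. The class name, method names and repository keys are hypothetical, and `Pattern.quote` is one possible way to do the escaping:

```java
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import java.util.stream.Collectors;

// Added illustration; names and sample data are hypothetical, not from the project.
public class RepositoryFilter {
  // Constructed sample data standing in for rule repository keys.
  static final List<String> REPOS = List.of("java", "javascript", "php", "c[sharp]");

  // Behaviour described in the ticket: q is compiled as a regexp as-is,
  // so regexp metacharacters in q are interpreted by the engine.
  static List<String> unsafeFilter(String q) {
    Pattern p = Pattern.compile(".*" + q + ".*", Pattern.CASE_INSENSITIVE);
    return REPOS.stream().filter(r -> p.matcher(r).matches()).collect(Collectors.toList());
  }

  // Hardened form: q is quoted first, so every character is matched literally
  // and no value of q can produce an invalid or expensive pattern.
  static List<String> safeFilter(String q) {
    Pattern p = Pattern.compile(".*" + Pattern.quote(q) + ".*", Pattern.CASE_INSENSITIVE);
    return REPOS.stream().filter(r -> p.matcher(r).matches()).collect(Collectors.toList());
  }

  public static void main(String[] args) {
    String q = "["; // URL-decoded form of q=%5B from the ticket

    try {
      unsafeFilter(q);
    } catch (PatternSyntaxException e) {
      // Left uncaught in a request handler, this exception is what gets
      // written to the server log on every such request.
      System.out.println("unsafe filter rejected q: " + e.getDescription());
    }

    // With quoting, "[" is an ordinary substring search.
    System.out.println("safe filter, q=[    -> " + safeFilter(q));
    // Normal queries behave the same as before.
    System.out.println("safe filter, q=JAVA -> " + safeFilter("JAVA"));
  }
}
```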