CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cookiejar_project:cookiejar:*:*:*:*:*:node.js:*:*

History

12 Sep 2023, 03:15

Type Values Removed Values Added
Summary Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression. Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
References
  • (MISC) https://lists.debian.org/debian-lts-announce/2023/09/msg00008.html -

Information

Published : 2023-01-18 05:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-25901

Mitre link : CVE-2022-25901

CVE.ORG link : CVE-2022-25901


JSON object : View

Products Affected

cookiejar_project

  • cookiejar
CWE
CWE-1333

Inefficient Regular Expression Complexity