CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Configurations

Configuration 1

cpe:2.3:a:cookiejar_project:cookiejar:*:*:*:*:*:node.js:*:*

History

21 Nov 2024, 06:53

Type: CVSS
  • Values Removed: v2 : unknown, v3 : 7.5
  • Values Added: v2 : unknown, v3 : 5.3

Type: References (each entry appears unchanged under both Values Removed and Values Added)
  • https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js%23L73 - Broken Link
  • https://github.com/bmeck/node-cookiejar/pull/39 - Patch, Third Party Advisory
  • https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5 - Patch, Third Party Advisory
  • https://lists.debian.org/debian-lts-announce/2023/09/msg00008.html
  • https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681 - Exploit, Third Party Advisory
  • https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984 - Exploit, Third Party Advisory

12 Sep 2023, 03:15

Type: Summary (the same text appears under both Values Removed and Values Added)
  • Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
References
  • (MISC) https://lists.debian.org/debian-lts-announce/2023/09/msg00008.html -

Information

Published : 2023-01-18 05:15

Updated : 2024-11-21 06:53


NVD link : CVE-2022-25901

Mitre link : CVE-2022-25901

CVE.ORG link : CVE-2022-25901


Products Affected

cookiejar_project

  • cookiejar
CWE
CWE-1333

Inefficient Regular Expression Complexity