Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
History
21 Nov 2024, 06:53
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 5.3 |
References | https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js%23L73 - Broken Link | |
References | https://github.com/bmeck/node-cookiejar/pull/39 - Patch, Third Party Advisory | |
References | https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5 - Patch, Third Party Advisory | |
References | https://lists.debian.org/debian-lts-announce/2023/09/msg00008.html | |
References | https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681 - Exploit, Third Party Advisory | |
References | https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984 - Exploit, Third Party Advisory | |
12 Sep 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression. | |
References | | |
Information
Published : 2023-01-18 05:15
Updated : 2024-11-21 06:53
NVD link : CVE-2022-25901
Mitre link : CVE-2022-25901
CVE.ORG link : CVE-2022-25901
Products Affected
cookiejar_project
- cookiejar
CWE
CWE-1333
Inefficient Regular Expression Complexity