Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
References
Link | Resource |
---|---|
https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js%23L73 | Broken Link |
https://github.com/bmeck/node-cookiejar/pull/39 | Patch Third Party Advisory |
https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/09/msg00008.html | |
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681 | Exploit Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984 | Exploit Third Party Advisory |
Configurations
History
12 Sep 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression. | |
References |
|
Information
Published : 2023-01-18 05:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-25901
Mitre link : CVE-2022-25901
CVE.ORG link : CVE-2022-25901
JSON object : View
Products Affected
cookiejar_project
- cookiejar
CWE
CWE-1333
Inefficient Regular Expression Complexity