CVE-2022-25901
5.3 MEDIUM
Published: 1/18/2023
Updated: 2/13/2025
Description
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Affected Products
cookiejar_project cookiejar
References
- https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js%23L73 (Broken Link)
- https://github.com/bmeck/node-cookiejar/pull/39 (Patch, Third Party Advisory)
- https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5 (Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/09/msg00008.html
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681 (Exploit, Third Party Advisory)
- https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984 (Exploit, Third Party Advisory)