CVE-2022-25901
5.3 MEDIUM
Published: 1/18/2023
Updated: 2/13/2025
Description
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Affected Products
cookiejar_project cookiejar
References
- https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js%23L73 (Broken Link)
- https://github.com/bmeck/node-cookiejar/pull/39 (Patch, Third Party Advisory)
- https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5 (Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/09/msg00008.html
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681 (Exploit, Third Party Advisory)
- https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984 (Exploit, Third Party Advisory)