CVE-2022-25901
5.3 MEDIUM
Published: 1/18/2023
Updated: 2/13/2025
Description
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Affected products
cookiejar_project cookiejar
References
- https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js%23L73 (Broken Link)
- https://github.com/bmeck/node-cookiejar/pull/39 (Patch, Third Party Advisory)
- https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5 (Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/09/msg00008.html
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681 (Exploit, Third Party Advisory)
- https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984 (Exploit, Third Party Advisory)