CVE-2022-25901
5.3MEDIUMVersions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Publicado: 1/18/2023Atualizado: 2/13/2025
Descrição
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Análise IADesenvolvido por IA
Produtos Afetados
cookiejar_projectcookiejar
Referências
- https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js%23L73Broken Link
- https://github.com/bmeck/node-cookiejar/pull/39PatchThird Party Advisory
- https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/09/msg00008.html
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681ExploitThird Party Advisory
- https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984ExploitThird Party Advisory
- https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js%23L73Broken Link
- https://github.com/bmeck/node-cookiejar/pull/39PatchThird Party Advisory
- https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/09/msg00008.html
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681ExploitThird Party Advisory
- https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984ExploitThird Party Advisory