Lucene search
HistoryJan 31, 2023 - 5:15 a.m.
CVE-2022-25881
package vulnerability
http-cache-semantics
malicious request
cache policy
server
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.3
Confidence
High
EPSS
0.002
Percentile
57.4%
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Affected configurations
Node
http-cache-semantics_projecthttp-cache-semanticsRange<4.1.1node.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| http-cache-semantics_project | http-cache-semantics | * | cpe:2.3:a:http-cache-semantics_project:http-cache-semantics:*:*:*:*:*:node.js:*:* |
Related
redhatcve
redhatcve
CVE-2022-25881
2023-01-31 09:06:43
osv
osv
http-cache-semantics vulnerable to Regular Expression Denial of Service
2023-01-31 06:30:26
CGA-92f2-wx89-q5ff
2024-06-06 12:25:19
corepack18-18.16.0-1.1 on GA media
2024-06-15 00:00:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-02-08 10:17:54
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:1924-1)
2023-04-21 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : nodejs12 (SUSE-SU-2023:1876-1)
2023-04-20 00:00:00
RHEL 8 : dotnet6.0 (Unpatched Vulnerability)
2024-06-03 00:00:00
ibm
ibm
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1923-1)
2023-04-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1871-1)
2023-04-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1875-1)
2023-04-18 00:00:00
cve
cve
CVE-2022-25881
2023-01-31 05:15:11
prion
prion
Design/Logic Flaw
2023-01-31 05:15:00
github
github
http-cache-semantics vulnerable to Regular Expression Denial of Service
2023-01-31 06:30:26
cbl_mariner
cbl_mariner
CVE-2022-25881 affecting package nodejs for versions less than 16.20.1-2
2023-08-03 02:51:21
cgr
cgr
CVE-2022-25881 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2022-25881
2023-01-31 05:00:01
redhat
redhat
almalinux
almalinux
Moderate: nodejs:18 security, bug fix, and enhancement update
2023-04-04 00:00:00
Important: nodejs:14 security, bug fix, and enhancement update
2023-04-12 00:00:00
oraclelinux
oraclelinux
nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-05-17 00:00:00
nodejs:18 security, bug fix, and enhancement update
2023-04-05 00:00:00
nodejs:14 security, bug fix, and enhancement update
2023-04-12 00:00:00
rocky
rocky
nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-05-25 19:53:09
nodejs:18 security, bug fix, and enhancement update
2023-04-06 15:52:43
nodejs:14 security, bug fix, and enhancement update
2023-04-26 15:28:13
wordfence
wordfence
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.3
Confidence
High
EPSS
0.002
Percentile
57.4%
Related for NVD:CVE-2022-25881