Lucene search

[email protected]NVD:CVE-2022-25901

HistoryJan 18, 2023 - 5:15 a.m.

CVE-2022-25901

2023-01-1805:15:11

CWE-1333

[email protected]

web.nvd.nist.gov

package vulnerability redos cookie.parse insecure_regexcve-2022-25901

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.

Affected configurations

NVD

Node

cookiejar_projectcookiejarRange≤2.1.3node.js

References

github.com/bmeck/node-cookiejar/blob/master/cookiejar.js%23L73

github.com/bmeck/node-cookiejar/pull/39

github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5

lists.debian.org/debian-lts-announce/2023/09/msg00008.html

security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681

security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for NVD:CVE-2022-25901

ubuntucve1 prion1 openvas1 nessus1 cve1 redhatcve1 debiancve1 veracode1 osv2 debian1 github1 cvelist1 ibm10