Lucene search
Veracode Vulnerability DatabaseVERACODE:36394HistoryJul 18, 2022 - 1:11 p.m.
Regular Expression Denial Of Service (ReDoS)
2022-07-1813:11:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
27
0.002 Low
EPSS
Percentile
58.4%
terser is vulnerable to regular expression denial of service. The vulnerability exists in index.js and evaluate.js because regular expressions used are not properly handled which allows an attacker to send crafted requests which causes an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| terser | le | 5.14.1 | |
| terser | le | 5.7.1 | |
| terser | le | 5.14.1 | |
| terser | le | 5.7.1 | |
| node-terser:sid | eq | 4.1.2-7 | |
| grafana | eq | 7.5.15__3.el8 | |
| grafana | eq | 6.7.4__1.el8 | |
| grafana | eq | 7.5.7__2.el8 | |
| grafana | eq | 7.5.9__2.el8 | |
| grafana | eq | 7.5.9__3.el8 |
Related
debiancve
debiancve
CVE-2022-25858
2022-07-15 20:15:08
cvelist
cvelist
CVE-2022-25858 Regular Expression Denial of Service (ReDoS)
2022-07-15 00:00:00
ubuntucve
ubuntucve
CVE-2022-25858
2022-07-15 00:00:00
osv
osv
CVE-2022-25858
2022-07-15 20:15:08
Terser insecure use of regular expressions leads to ReDoS
2022-07-16 00:00:20
cve
cve
CVE-2022-25858
2022-07-15 20:15:08
ibm
ibm
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 18:02:59
prion
prion
Code injection
2022-07-15 20:15:00
nvd
nvd
CVE-2022-25858
2022-07-15 20:15:08
redhatcve
redhatcve
CVE-2022-25858
2022-09-13 09:13:31
github
github
Terser insecure use of regular expressions leads to ReDoS
2022-07-16 00:00:20
nessus
nessus
RHEL 9 : pcs (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 8 : pcs (Unpatched Vulnerability)
2024-06-03 00:00:00
Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)
2024-05-02 00:00:00
redos
redos
ROS-20240704-07
2024-07-04 00:00:00
redhat
redhat