CVE-2022-1929

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-1929

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1929.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-1929

Aliases

GHSA-fp36-299x-pwmw

Published

2022-06-02T14:15:33.973Z

Modified

2026-03-14T11:24:41.682715Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method

References

https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.2.1"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1929.json"