CVE-2022-25858

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-25858
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25858.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-25858
Aliases
Downstream
Related
  • SNYK-JAVA-ORGWEBJARSNPM-2949722
  • SNYK-JS-TERSER-2806366
Published
2022-07-15T20:15:08.427Z
Modified
2026-03-14T14:59:31.699944Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

References

Affected packages

Git / github.com/terser/terser

Affected ranges

Type
GIT
Repo
https://github.com/terser/terser
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
40674a433e2b2fd9dfe7aaa93a0da224fb5e76b9
Introduced
aacd5770d9364ecaca80ff450fe329e021ac98aa
Fixed
c5cb19de2baafa1db60b1e8c387d9d995844f7ef
Fixed
a4da7349fdc92c05094f41d33d06d8cd4e90e76b
Fixed
d8cc5691be980d663c29cc4d5ce67e852d597012
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.8.1"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.14.2"
        }
    ]
}

Affected versions

v5.*
v5.0.0
v5.1.0
v5.10.0
v5.11.0
v5.12.0
v5.12.1
v5.13.0
v5.13.1
v5.14.0
v5.14.1
v5.2.0
v5.2.1
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.3.8
v5.4.0
v5.5.0
v5.5.1
v5.6.0
v5.6.1
v5.7.0
v5.7.1
v5.7.2
v5.8.0
v5.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25858.json"