CVE-2022-25858

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-25858
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25858.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-25858
Aliases
Downstream
Related
  • SNYK-JAVA-ORGWEBJARSNPM-2949722
  • SNYK-JS-TERSER-2806366
Published
2022-07-15T20:15:08Z
Modified
2025-10-21T07:00:03.794818Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

References

Affected packages

Git / github.com/terser/terser

Affected ranges

Type
GIT
Repo
https://github.com/terser/terser
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a4da7349fdc92c05094f41d33d06d8cd4e90e76b
Fixed
d8cc5691be980d663c29cc4d5ce67e852d597012

Affected versions

3.*

3.10.11

harmony-v2.*

harmony-v2.7.5
harmony-v2.8.0
harmony-v2.8.10
harmony-v2.8.11
harmony-v2.8.12
harmony-v2.8.13
harmony-v2.8.14
harmony-v2.8.15
harmony-v2.8.17
harmony-v2.8.19
harmony-v2.8.2
harmony-v2.8.21
harmony-v2.8.22
harmony-v2.8.4
harmony-v2.8.5
harmony-v2.8.7

harmony-v3.*

harmony-v3.0.0
harmony-v3.0.1
harmony-v3.0.10
harmony-v3.0.11
harmony-v3.0.12
harmony-v3.0.13
harmony-v3.0.14
harmony-v3.0.15
harmony-v3.0.17
harmony-v3.0.18
harmony-v3.0.19
harmony-v3.0.2
harmony-v3.0.20
harmony-v3.0.21
harmony-v3.0.22
harmony-v3.0.23
harmony-v3.0.24
harmony-v3.0.25
harmony-v3.0.26
harmony-v3.0.27
harmony-v3.0.28
harmony-v3.0.3
harmony-v3.0.4
harmony-v3.0.5
harmony-v3.0.6
harmony-v3.0.7
harmony-v3.0.8
harmony-v3.0.9
harmony-v3.1.0
harmony-v3.1.1
harmony-v3.1.10
harmony-v3.1.2
harmony-v3.1.3
harmony-v3.1.4
harmony-v3.1.5
harmony-v3.1.6
harmony-v3.1.7
harmony-v3.1.8
harmony-v3.1.9
harmony-v3.2.0
harmony-v3.2.1
harmony-v3.2.2
harmony-v3.3.0
harmony-v3.3.1
harmony-v3.3.10
harmony-v3.3.2
harmony-v3.3.3
harmony-v3.3.4
harmony-v3.3.5
harmony-v3.3.6
harmony-v3.3.7
harmony-v3.3.8
harmony-v3.3.9

v2.*

v2.0
v2.1
v2.1.1
v2.1.10
v2.1.11
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.3
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.4.0
v2.4.1
v2.4.10
v2.4.11
v2.4.12
v2.4.13
v2.4.14
v2.4.15
v2.4.16
v2.4.18
v2.4.19
v2.4.2
v2.4.20
v2.4.21
v2.4.22
v2.4.23
v2.4.24
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.5.0
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.8.0
v2.8.1
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.8.17
v2.8.18
v2.8.19
v2.8.2
v2.8.20
v2.8.21
v2.8.22
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9

v3.*

v3.0.0
v3.0.1
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.18
v3.0.19
v3.0.2
v3.0.20
v3.0.21
v3.0.22
v3.0.23
v3.0.24
v3.0.25
v3.0.26
v3.0.27
v3.0.28
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.1
v3.1.10
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.10.0
v3.10.1
v3.10.10
v3.10.11
v3.10.12
v3.10.13
v3.10.2
v3.10.3
v3.10.4
v3.10.5
v3.10.6
v3.10.7
v3.10.8
v3.11.0
v3.12.0
v3.13.0
v3.13.1
v3.14.0
v3.14.1
v3.16.0
v3.16.1
v3.17.0
v3.2.0
v3.2.1
v3.2.2
v3.3.0
v3.3.1
v3.3.10
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.7.7
v3.7.8
v3.8.0
v3.8.1
v3.8.2
v3.9.1
v3.9.2
v3.9.3

v4.*

v4.0.0
v4.0.1
v4.0.2
v4.1.0
v4.1.2
v4.1.3
v4.2.1
v4.3.0
v4.3.1
v4.3.10
v4.3.11
v4.3.2
v4.3.3
v4.3.4
v4.3.6
v4.3.7
v4.3.8
v4.3.9
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.5.0
v4.6.0
v4.6.1
v4.6.10
v4.6.11
v4.6.12
v4.6.13
v4.6.2
v4.6.3
v4.6.4
v4.6.5
v4.6.6
v4.6.8
v4.6.9
v4.7.0
v4.8.0

v5.*

v5.0.0
v5.1.0
v5.10.0
v5.11.0
v5.12.0
v5.12.1
v5.13.0
v5.13.1
v5.14.0
v5.14.1
v5.2.0
v5.2.1
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.3.8
v5.4.0
v5.5.0
v5.5.1
v5.6.0
v5.6.1
v5.7.0
v5.7.1
v5.7.2
v5.8.0
v5.9.0