GHSA-4wf5-vphf-c2xc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4wf5-vphf-c2xc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-4wf5-vphf-c2xc/GHSA-4wf5-vphf-c2xc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4wf5-vphf-c2xc
- Aliases
- Published
- 2022-07-16T00:00:20Z
- Modified
- 2025-01-14T10:57:13.174999Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Terser insecure use of regular expressions leads to ReDoS
- Details
-
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
- Database specific
{ "cwe_ids": [ "CWE-1333" ], "severity": "HIGH", "github_reviewed": true, "nvd_published_at": "2022-07-15T20:15:00Z", "github_reviewed_at": "2022-07-20T01:21:59Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-25858
- https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b
- https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012
- https://github.com/terser/terser
- https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722
- https://snyk.io/vuln/SNYK-JS-TERSER-2806366
Affected packages
npm / terser
Package
- Name
- terser
- View open source insights on deps.dev
- Purl
- pkg:npm/terser
npm / terser
Package
- Name
- terser
- View open source insights on deps.dev
- Purl
- pkg:npm/terser