GHSA-fp36-299x-pwmw

Source

https://github.com/advisories/GHSA-fp36-299x-pwmw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-fp36-299x-pwmw/GHSA-fp36-299x-pwmw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-fp36-299x-pwmw

Aliases

CVE-2022-1929

Published

2022-06-03T00:01:01Z

Modified

2023-11-08T04:07:51.823462Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Regular expression denial of service in devcert

Details

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method

Database specific

{
    "cwe_ids": [
        "CWE-1333"
    ],
    "github_reviewed_at": "2022-06-03T22:27:34Z",
    "nvd_published_at": "2022-06-02T14:15:00Z",
    "severity": "HIGH",
    "github_reviewed": true
}

References

Affected packages

npm / devcert

Package

Name: devcert; View open source insights on deps.dev
Purl: pkg:npm/devcert

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-fp36-299x-pwmw/GHSA-fp36-299x-pwmw.json"