CVE-2022-25858

Опубликовано: 15 июл. 2022

Источник: debian

EPSS Низкий

Описание

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-terser	fixed	4.8.1-1		package
node-terser	no-dsa		bullseye	package

Примечания

https://snyk.io/vuln/SNYK-JS-TERSER-2806366
https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b (v5.14.2)
https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012 (v4.8.1)

EPSS

Процентиль: 86%

0.0284

Низкий

Связанные уязвимости

CVE-2022-25858

CVSS3: 5.3

ubuntu

больше 3 лет назад

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

CVE-2022-25858

CVSS3: 7.5

redhat

больше 3 лет назад

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

CVE-2022-25858

CVSS3: 5.3

nvd

больше 3 лет назад

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

CVE-2022-25858

CVSS3: 7.5

msrc

5 месяцев назад

Описание отсутствует

GHSA-4wf5-vphf-c2xc

CVSS3: 7.5

github

больше 3 лет назад

Terser insecure use of regular expressions leads to ReDoS

EPSS

Процентиль: 86%

0.0284

Низкий