CVE-2022-25858

Опубликовано: 15 июл. 2022

Источник: debian

EPSS Низкий

Описание

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-terser	fixed	4.8.1-1		package
node-terser	no-dsa		bullseye	package

Примечания

https://snyk.io/vuln/SNYK-JS-TERSER-2806366
https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b (v5.14.2)
https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012 (v4.8.1)

EPSS

Процентиль: 83%

0.01993

Низкий

Связанные уязвимости

CVE-2022-25858

CVSS3: 5.3

ubuntu

почти 3 года назад

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

CVE-2022-25858

CVSS3: 7.5

redhat

почти 3 года назад

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

CVE-2022-25858

CVSS3: 5.3

nvd

почти 3 года назад

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

CVE-2022-25858

CVSS3: 7.5

msrc

около 1 месяца назад

Описание отсутствует

GHSA-4wf5-vphf-c2xc

CVSS3: 7.5

github

почти 3 года назад

Terser insecure use of regular expressions leads to ReDoS

EPSS

Процентиль: 83%

0.01993

Низкий