CVE-2022-25858

Опубликовано: 15 июл. 2022

Источник: debian

EPSS Низкий

Описание

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-terser	fixed	4.8.1-1		package
node-terser	no-dsa		bullseye	package

Примечания

https://snyk.io/vuln/SNYK-JS-TERSER-2806366
https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b (v5.14.2)
https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012 (v4.8.1)

EPSS

Процентиль: 87%

0.03306

Низкий

Связанные уязвимости

CVE-2022-25858

CVSS3: 5.3

ubuntu

около 3 лет назад

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

CVE-2022-25858

CVSS3: 7.5

redhat

около 3 лет назад

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

CVE-2022-25858

CVSS3: 5.3

nvd

около 3 лет назад

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

CVE-2022-25858

CVSS3: 7.5

msrc

3 месяца назад

Описание отсутствует

GHSA-4wf5-vphf-c2xc

CVSS3: 7.5

github

около 3 лет назад

Terser insecure use of regular expressions leads to ReDoS

EPSS

Процентиль: 87%

0.03306

Низкий