Description
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Packages
| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| node-cookiejar | fixed | 2.1.4+~2.1.2-1 | | package |
| node-cookiejar | fixed | 2.1.2-1+deb11u1 | bullseye | package |
Notes
https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984
https://github.com/bmeck/node-cookiejar/pull/39
https://github.com/bmeck/node-cookiejar/commit/a9a320c3c49d65df491f5721969cfbf9e128d9af
https://github.com/bmeck/node-cookiejar/commit/eaa00021caf6ae09449dde826108153b578348e5
https://github.com/bmeck/node-cookiejar/commit/ccb012da6dcfd58aaed792824f83d7227df8dea1
EPSS
Related vulnerabilities
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
cookiejar Regular Expression Denial of Service via Cookie.parse function
Vulnerability in the Cookie.parse() function of the CookieJar library that allows an attacker to cause a denial of service