Описание
Terser insecure use of regular expressions leads to ReDoS
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-25858
- https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b
- https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012
- https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722
- https://snyk.io/vuln/SNYK-JS-TERSER-2806366
Пакеты
terser
< 4.8.1
4.8.1
terser
>= 5.0.0, < 5.14.2
5.14.2
Связанные уязвимости
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vuln ...