Description
Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service
This advisory is withdrawn.
cacheable-request depends on http-cache-semantics, which contains an Inefficient Regular Expression Complexity in versions prior to 4.1.1 of that package. As of version 10.2.7, cacheable-request relies on the fixed version.
Summary of http-cache-semantics vulnerability
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Details
Packages
Name: cacheable-request (npm)
Affected versions: < 10.2.7
Fixed version: 10.2.7
CVSS3: 7.5 High
Weaknesses: CWE-1333