Description
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appears to be exploitable via a custom HTTP header passed by the client. This vulnerability appears to have been fixed in 2.3.0.
Vulnerable configurations
Configuration 1: versions from 0.9.7 (inclusive) to 2.2.2 (inclusive)
cpe:2.3:a:salesforce:tough-cookie:*:*:*:*:*:node.js:*:*
Configuration 2: versions from 5.0.6.0 (inclusive) to 5.0.6.5 (inclusive); versions from 5.0.7.0 (inclusive) to 5.0.7.2 (inclusive)
One of
cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:api_connect:5.0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*
EPSS: 0.00921 (Low), percentile: 75%
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses: CWE-20
Related vulnerabilities
CVSS3: 5.3
redhat
more than 9 years ago
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appears to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.
CVSS3: 5.3
github
more than 7 years ago
ReDoS via long string of semicolons in tough-cookie