Описание
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Ссылки
- Broken Link
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Broken Link
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
Связанные уязвимости
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Versions of the package cookiejar before 2.1.4 are vulnerable to Regul ...
cookiejar Regular Expression Denial of Service via Cookie.parse function
Уязвимость функции Cookie.parse() библиотеки CookieJar, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3
7.5 High
CVSS3