Описание
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | not-affected | 2.1.4+~2.1.2-1 |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | not-affected | code not present |
| esm-apps/xenial | not-affected | code not present |
| focal | not-affected | code not present |
| jammy | not-affected | code not present |
| kinetic | not-affected | code not present |
| lunar | ignored | end of life, was needs-triage |
Показывать по
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Versions of the package cookiejar before 2.1.4 are vulnerable to Regul ...
cookiejar Regular Expression Denial of Service via Cookie.parse function
Уязвимость функции Cookie.parse() библиотеки CookieJar, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3