CVE-2022-1929: devcert ReDoS | XRAY-211352

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package when an attacker is able to supply arbitrary input to the certificateFor method.

#dos #nodejs

CVE-2022-1929 | CVSS 5.9

JFrog Severity: medium

Published 30 May. 2022 | Last updated 30 May. 2022

Exponential ReDoS in devcert leads to denial of service

devcert

devcert (,1.2.0], fixed in 1.2.1


Example input pattern from the advisory: '0' + '000'.repeat(i) + '\x00'

No mitigations are supplied for this issue.
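To check whether a project resolves devcert inside the affected range listed above (1.2.0 and earlier), the following added example scans a parsed package-lock.json. It is not code from the advisory or from devcert; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the advisory): report devcert installs at or below 1.2.0.
const FIXED = [1, 2, 1]; // first fixed release named in the advisory

// Extract MAJOR.MINOR.PATCH; prerelease/build suffixes are ignored here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}
// True when the numeric version is lower than 1.2.1, i.e. inside (,1.2.0].
function isAffected(version) {
  const nums = parseVersion(version);
  if (!nums) return true; // unparseable: surface it for manual review
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i];
  }
  return false; // exactly 1.2.1
}

// Accepts a parsed package-lock.json: v2/v3 "packages" map, else the v1 "dependencies" tree.
function findAffectedDevcert(lock) {
  const hits = [];
  const check = (path, meta) => {
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/devcert$/.test(path)) check(path, meta);
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'devcert') check(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile; "demo-app" and "some-cli" are made-up names.
const sampleLock = {
  packages: {
    '': { name: 'demo-app', version: '0.0.1' },
    'node_modules/devcert': { version: '1.2.0' },
    'node_modules/some-cli/node_modules/devcert': { version: '1.2.1' },
  },
};
console.log(findAffectedDevcert(sampleLock));
```

Nested copies pulled in by other packages are reported with their full lockfile path, which shows which dependency still resolves to an affected version.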

NVD

Related news

GHSA-fp36-299x-pwmw: Regular expression denial of service in devcert

