Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package when an attacker is able to supply arbitrary input to the certificateFor method.
Recommendation
Update the devcert package to the latest compatible version. Version details:
- Affected version(s): < 1.2.1
- Patched version(s): 1.2.1
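To check a project against the version range above, the following added example (not part of the original advisory or of devcert itself) scans a parsed npm lockfile for devcert installs below 1.2.1, including nested copies pulled in by other dependencies. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: report devcert installs below the patched 1.2.1 in an npm lockfile.
const PATCHED = [1, 2, 1];

// Parse the "major.minor.patch" core of a version; null if it is not three integers.
function parseCore(version) {
  const parts = String(version).split(/[-+]/)[0].split(".");
  if (parts.length !== 3 || !parts.every((p) => /^\d+$/.test(p))) return null;
  return parts.map(Number);
}

// True when version < 1.2.1 under semver ordering (a 1.2.1 prerelease sorts below 1.2.1).
function isAffected(version) {
  const core = parseCore(version);
  if (core === null) return true; // unparseable: surface for manual review
  for (let i = 0; i < 3; i++) {
    if (core[i] !== PATCHED[i]) return core[i] < PATCHED[i];
  }
  return String(version).split("+")[0].includes("-");
}

function findAffectedDevcert(lock) {
  const hits = [];
  const check = (path, meta) => {
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/devcert$/.test(path)) check(path, meta);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${name}`;
        if (name === "devcert") check(path, meta);
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile (package names and versions are made up for the demo).
const sampleLock = { lockfileVersion: 3, packages: {
  "node_modules/devcert": { version: "1.2.0" },
  "node_modules/tooling/node_modules/devcert": { version: "1.2.1" },
} };
console.log(findAffectedDevcert(sampleLock));
```

In a real project, pass the result of JSON.parse on the contents of package-lock.json to findAffectedDevcert.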
References
Related Issues
- jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method - CVE-2022-31147
- steal vulnerable to Regular Expression Denial of Service via input variable - CVE-2022-37260
- angular vulnerable to regular expression denial of service (ReDoS) - CVE-2022-25844
- steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments - CVE-2022-37262
Tags
- npm
- devcert
Last updated on November 29, 2023