Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package when an attacker is able to supply arbitrary input to the certificateFor method.
Recommendation
Update the devcert package to the latest compatible version. Version details:
- Affected version(s): < 1.2.1
- Patched version(s): 1.2.1
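Until the upgrade is deployed, a caller can limit what reaches certificateFor by validating host names in linear time, without a regular expression. The guard below is an added example, not devcert code; `isSafeHostname` and `guardedCertificateFor` are hypothetical names, and it assumes certificateFor is called with a single host name string.

```javascript
'use strict';

const MAX_NAME_LENGTH = 253; // RFC 1035 limit on a full host name
const MAX_LABEL_LENGTH = 63; // RFC 1035 limit on a single label
const DOT = 46;
const HYPHEN = 45;

// True for ASCII letters and digits only (no Unicode case folding).
function isAlnum(code) {
  return (code >= 97 && code <= 122) || // a-z
         (code >= 65 && code <= 90) ||  // A-Z
         (code >= 48 && code <= 57);    // 0-9
}

// Single pass over the input with no regular expression, so the cost is
// linear in the input length whatever the attacker supplies.
function isSafeHostname(input) {
  if (typeof input !== 'string') return false;
  if (input.length === 0 || input.length > MAX_NAME_LENGTH) return false;
  let labelLength = 0;
  for (let i = 0; i < input.length; i++) {
    const code = input.charCodeAt(i);
    if (code === DOT) {
      // A label may not be empty and may not end with '-'.
      if (labelLength === 0 || input.charCodeAt(i - 1) === HYPHEN) return false;
      labelLength = 0;
      continue;
    }
    if (code === HYPHEN) {
      if (labelLength === 0) return false; // a label may not start with '-'
    } else if (!isAlnum(code)) {
      return false;
    }
    labelLength += 1;
    if (labelLength > MAX_LABEL_LENGTH) return false;
  }
  // Reject a trailing '.' (empty last label) and a trailing '-'.
  return labelLength > 0 && input.charCodeAt(input.length - 1) !== HYPHEN;
}

// Hypothetical wrapper: the caller passes in devcert's certificateFor.
function guardedCertificateFor(certificateFor, domain) {
  if (!isSafeHostname(domain)) {
    throw new TypeError('host name rejected before certificate lookup');
  }
  return certificateFor(domain);
}
```

The guard reduces exposure for untrusted input but does not replace updating to 1.2.1.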
References
Related Issues
- angular vulnerable to regular expression denial of service (ReDoS) - CVE-2022-25844
- steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments - CVE-2022-37262
- steal vulnerable to Regular Expression Denial of Service via input variable - CVE-2022-37260
- jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method - CVE-2022-31147
Tags: npm, devcert
Last updated on November 29, 2023