CVE-2022-1929

Exploit

EPSS 0.18%
Veröffentlicht 02.06.2022 14:15:33
Zuletzt bearbeitet 21.11.2024 06:41:46
Quelle reefs@jfrog.com
CVE-Watchlists
Login
Unerledigt
Login

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Devcert Project ≫ Devcert SwPlatformnode.js Version < 1.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.395

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
reefs@jfrog.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-1929

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1929

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1929

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-1929