admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-25901.md

21 lines
993 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-25901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25901)
![](https://img.shields.io/static/v1?label=Product&message=cookiejar&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=org.webjars.npm%3Acookiejar&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Regular%20Expression%20Denial%20of%20Service%20(ReDoS)&color=brighgreen)
### Description
Update CVE sources 2024-06-22 09:37
2024-06-22 09:37:59 +00:00
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### POC
#### Reference
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681
- https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984
#### Github
- https://github.com/trong0dn/eth-todo-list
Reference in New Issue Copy Permalink