CVE-2022-25901

cookiejar Regular Expression Denial of Service via Cookie.parse function in npm/cookiejar

Identifiers

CVE-2022-25901, GHSA-h452-7996-h45h

Package Slug

npm/cookiejar

Vulnerability

cookiejar Regular Expression Denial of Service via Cookie.parse function

Description

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.

Affected Versions

All versions up to 2.1.3

Solution

Upgrade to version 2.1.4 or above.
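
To confirm the upgrade reached every installed copy, including nested ones pulled in by other packages, a parsed npm lockfile can be checked against the 2.1.4 boundary. This is an added example, not code from the advisory or the cookiejar project; the function names are hypothetical, and the sample lockfile and its `http-client` package are constructed.

```javascript
const FIXED = [2, 1, 4]; // fixed version stated in the advisory
// True when `version` sorts below 2.1.4; pre-releases of 2.1.4 and unparseable strings are flagged.
function isAffected(version) {
  const core = version.split("+")[0]; // drop build metadata
  const dash = core.indexOf("-");     // start of a pre-release tag, if any
  const parts = (dash === -1 ? core : core.slice(0, dash)).split(".");
  if (parts.length !== 3 || !parts.every((p) => /^\d+$/.test(p))) return true;
  for (let i = 0; i < 3; i++) {
    const n = Number(parts[i]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return dash !== -1;
}

// Return every installed cookiejar entry in a parsed lockfile that is still affected.
function findAffectedCookiejar(lock) {
  const hits = [];
  const check = (path, meta) => {
    const name = path.split("node_modules/").pop();
    if (name === "cookiejar" && meta.version && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) check(path, meta);
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = prefix + "node_modules/" + name;
        check(path, meta);
        walk(meta.dependencies, path + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile; "http-client" is a made-up package name.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/cookiejar": { version: "2.1.4" },
    "node_modules/http-client": { version: "1.0.0" },
    "node_modules/http-client/node_modules/cookiejar": { version: "2.1.3" },
  },
};
```

Pass it the result of `JSON.parse` on a project's `package-lock.json`; an empty array means no installed copy is below 2.1.4.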

Last Modified

2023-01-24
