CVE-2022-25901: cookiejar Regular Expression Denial of Service via Cookie.parse function
Versions of the cookiejar package before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression: a crafted cookie string makes the regex engine backtrack excessively and ties up the event loop of any process that parses untrusted Set-Cookie headers with it. Upgrade to cookiejar 2.1.4 or later.
References
- github.com/advisories/GHSA-h452-7996-h45h
- github.com/bmeck/node-cookiejar/blob/master/cookiejar.js
- github.com/bmeck/node-cookiejar/pull/39
- github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5
- nvd.nist.gov/vuln/detail/CVE-2022-25901
- security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681
- security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984