This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

nessus 36

ibm 35

prion 1

cve 1

openvas 4

veracode 1

redhatcve 1

osv 10

cgr 1

github 1

cbl_mariner 1

redhat 17

oraclelinux 5

rocky 4

almalinux 5

wordfence 1

nessus

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-128)

2023-03-21 00:00:00

SUSE SLES15 / openSUSE 15 Security Update : nodejs10 (SUSE-SU-2023:1871-1)

2023-04-18 00:00:00

SUSE SLES15 / openSUSE 15 Security Update : nodejs12 (SUSE-SU-2023:1876-1)

2023-04-20 00:00:00

ibm

Security Bulletin: A vulnerability in Node.js http-cache-semantics package affects Data Replication on Cloud Pak for Data

2023-11-08 12:37:42

Security Bulletin: Vulnerability in Node.js http-cache-semantics affects IBM Cloud Pak System

2023-12-29 16:16:56

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to regular expression denial of service due to [CVE-2022-25881]

2023-04-28 11:53:48

prion

Design/Logic Flaw

2023-01-31 05:15:00

cve

CVE-2022-25881

2023-01-31 05:15:11

openvas

SUSE: Security Advisory (SUSE-SU-2023:1876-1)

2023-04-18 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:1871-1)

2023-04-18 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:1875-1)

2023-04-18 00:00:00

veracode

Regular Expression Denial Of Service (ReDoS)

2023-02-08 10:17:54

redhatcve

CVE-2022-25881

2023-01-31 09:06:43

osv

http-cache-semantics vulnerable to Regular Expression Denial of Service

2023-01-31 06:30:26

Moderate: nodejs:18 security, bug fix, and enhancement update

2023-04-04 00:00:00

Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-05-09 00:00:00

cgr

CVE-2022-25881 vulnerabilities

2024-05-19 03:07:16

github

http-cache-semantics vulnerable to Regular Expression Denial of Service

2023-01-31 06:30:26

cbl_mariner

CVE-2022-25881 affecting package nodejs for versions less than 16.20.1-2

2023-08-03 02:51:21

redhat

(RHSA-2023:1744) Important: rh-nodejs14-nodejs security, bug fix, and enhancement update

2023-04-12 14:38:13

(RHSA-2023:2655) Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-05-09 11:25:41

(RHSA-2023:1743) Important: nodejs:14 security, bug fix, and enhancement update

2023-04-12 14:37:46

oraclelinux

nodejs:18 security, bug fix, and enhancement update

2023-04-05 00:00:00

nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-05-17 00:00:00

nodejs:14 security, bug fix, and enhancement update

2023-04-12 00:00:00

rocky

nodejs:18 security, bug fix, and enhancement update

2023-04-06 15:52:43

nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-05-25 19:53:09

nodejs:14 security, bug fix, and enhancement update

2023-04-26 15:28:13

almalinux

Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-05-09 00:00:00

Moderate: nodejs:18 security, bug fix, and enhancement update

2023-04-04 00:00:00

Important: nodejs:14 security, bug fix, and enhancement update

2023-04-12 00:00:00

wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023)

2023-03-02 14:49:37

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.7%

JSON

Related for CVELIST:CVE-2022-25881