Lucene search

CVE-2022-25918 Regular Expression Denial of Service (ReDoS)

🗓️ 27 Oct 2022 05:09:05Reported by snykType

Package shescape vulnerable to ReDoS via escape function in index.j

Reporter	Title	Published	Views	Family All 7
NVD	CVE-2022-25918	27 Oct 202210:15	–	nvd
OSV	Inefficient Regular Expression Complexity in shescape	25 Oct 202222:27	–	osv
OSV	CVE-2022-25918	27 Oct 202210:15	–	osv
Veracode	Regular Expression Denial Of Service (ReDoS)	28 Oct 202205:35	–	veracode
Prion	Code injection	27 Oct 202210:15	–	prion
CVE	CVE-2022-25918	27 Oct 202210:15	–	cve
Github Security Blog	Inefficient Regular Expression Complexity in shescape	25 Oct 202222:27	–	github

[
  {
    "vendor": "n/a",
    "product": "shescape",
    "versions": [
      {
        "version": "1.5.10",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThan": "1.6.1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/ericcornelissen/shescape/releases/tag/v1.6.1
github	www.github.com/ericcornelissen/shescape/commit/552e8eab56861720b1d4e5474fb65741643358f9
github	www.github.com/ericcornelissen/shescape/blob/main/src/unix.js%23L52
security	www.security.snyk.io/vuln/SNYK-JS-SHESCAPE-3061108

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Oct 2022 05:05Current

7.7High risk

Vulners AI Score7.7

CVSS35.3

EPSS0.00225