CVE-2022-2596 Inefficient Regular Expression Complexity in node-fetch/node-fetch

🗓️ 01 Aug 2022 14:13:20Reported by @huntrdevType

Inefficient Regular Expression Complexity in node-fetc

Reporter	Title	Published	Views	Family All 25
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	25 Oct 202214:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-2596	4 Nov 202217:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform	17 Feb 202315:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Assistant app for IBM QRadar SIEM includes components with multiple known vulnerabilities	9 Nov 202218:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities	20 Jun 202304:41	–	ibm
Huntr	Inefficient Regular Expression Complexity	5 Jul 202204:02	–	huntr
ATTACKERKB	CVE-2022-2596	1 Aug 202215:15	–	attackerkb
CNNVD	node-fetch 资源管理错误漏洞	1 Aug 202200:00	–	cnnvd
CVE	CVE-2022-2596	1 Aug 202214:13	–	cve
Debian CVE	CVE-2022-2596	1 Aug 202214:13	–	debiancve

[
  {
    "defaultStatus": "unaffected",
    "product": "node-fetch/node-fetch",
    "vendor": "node-fetch",
    "versions": [
      {
        "status": "unaffected",
        "version": "3.2.10"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d
huntr	www.huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7

11 Jul 2023 07:07Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.9

EPSS0.00225

CWE-1333