CVE-2022-25901

🗓️ 18 Jan 2023 05:11:15Reported by [email protected]Type

Versions of cookiejar package (before 2.1.4) vulnerable to ReDoS via Cookie.parse functio

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 29
RedhatCVE	CVE-2022-25901	18 Jan 202309:05	–	redhatcve
CVE	CVE-2022-25901	18 Jan 202305:15	–	cve
Prion	Design/Logic Flaw	18 Jan 202305:15	–	prion
UbuntuCve	CVE-2022-25901	18 Jan 202300:00	–	ubuntucve
Vulnrichment	CVE-2022-25901	18 Jan 202305:00	–	vulnrichment
Tenable Nessus	Debian dla-3561 : node-cookiejar - security update	12 Sep 202300:00	–	nessus
OpenVAS	Debian: Security Advisory (DLA-3561-1)	12 Sep 202300:00	–	openvas
Veracode	Regular Expression Denial Of Service (ReDoS)	24 Jan 202304:53	–	veracode
Debian CVE	CVE-2022-25901	18 Jan 202305:15	–	debiancve
Debian	[SECURITY] [DLA 3561-1] node-cookiejar security update	12 Sep 202301:00	–	debian

Nvd

Node

cookiejar_project cookiejarRange≤2.1.3node.js

Source	Link
security	www.security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984
github	www.github.com/bmeck/node-cookiejar/blob/master/cookiejar.js%23L73
lists	www.lists.debian.org/debian-lts-announce/2023/09/msg00008.html
github	www.github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5
github	www.github.com/bmeck/node-cookiejar/pull/39
security	www.security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

18 Jan 2023 05:15Current

6.3Medium risk

Vulners AI Score6.3

CVSS37.5

EPSS0.00035

CWE-1333

package vulnerability redos cookie.parse insecure_regexcve-2022-25901