Lucene search

[email protected]NVD:CVE-2022-37259

HistorySep 20, 2022 - 6:15 p.m.

CVE-2022-37259

2022-09-2018:15:10

CWE-1333

[email protected]

web.nvd.nist.gov

cve-2022-37259

regular expression denial of service

stealjs

babel.js

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.6%

JSON

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.

Affected configurations

Nvd

Node

stealjsstealMatch2.2.4node.js

VendorProductVersionCPE
stealjssteal2.2.4cpe:2.3:a:stealjs:steal:2.2.4:*:*:*:*:node.js:*:*

Vendor	Product	Version	CPE
stealjs	steal	2.2.4	cpe:2.3:a:stealjs:steal:2.2.4:::::node.js::

References

github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L54124

github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L54129

github.com/stealjs/steal/issues/1528

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.6%

JSON

Related for NVD:CVE-2022-37259

osv2 github1 cve1 veracode1 cvelist1 prion1