65 matches found
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
Important: nodejs
Issue Overview: This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. CVE-2022-25881 Affected Packages: nodejs Issue...
Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for Febuary 2023
Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF018 and 22.0.2-IF002. Vulnerability Details CVEID:CVE-2022-38749 DESCRIPTION: SnakeYAML is vulnerable to a denial of servic...
SUSE CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service
This advisory is withdawn. cacheable-request depends on http-cache-semanttics, which contains an Inefficient Regular Expression Complexity in versions prior to 4.1.1 of that package. cacheable-request has been updated to rely on the fixed version in 10.2.7. Summary of http-cache-semantics...
GHSA-8X6C-CV3V-VP6G Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service
This advisory is withdawn. cacheable-request depends on http-cache-semanttics, which contains an Inefficient Regular Expression Complexity in versions prior to 4.1.1 of that package. cacheable-request has been updated to rely on the fixed version in 10.2.7. Summary of http-cache-semantics...
PT-2023-33000 · Unknown · Http-Cache-Semantics +1
Name of the Vulnerable Software and Affected Versions: http-cache-semantics versions prior to 4.1.1 cacheable-request versions prior to 10.2.7 Description: The issue is related to an Inefficient Regular Expression Complexity in http-cache-semantics, which can lead to Denial of Service. This can b...
CVE-2022-25881
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
GHSA-RC47-6667-2J5J http-cache-semantics vulnerable to Regular Expression Denial of Service
http-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache poli...
com.github.linyuzai:concept-router-spring-boot-starter (=1.1.0), org.webjars.npm:cacheable-request (=2.1.4) +5 more potentially affected by CVE-2022-25881 via org.webjars.npm:http-cache-semantics (=3.8.1)
org.webjars.npm:http-cache-semantics MAVEN version =3.8.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:http-cache-semantics and may be impacted: - com.github.linyuzai:concept-router-spring-boot-starter =1.1.0 -...
-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +21418 more potentially affected by CVE-2022-25881 via http-cache-semantics (>=3.7.3 <=4.1.0)
http-cache-semantics NPM version =3.7.3, =1.0.0, =2.5.0, =0.0.1, =0.0.4 - 1095h-cli =1.0.1 - 10secondsofcode-custom =1.0.0 and more Source cves: CVE-2022-25881 Source advisory: OSV:GHSA-RC47-6667-2J5J...
http-cache-semantics vulnerable to Regular Expression Denial of Service
http-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache poli...
AZL-13173 CVE-2022-25881 affecting package nodejs for versions less than 16.20.1-2
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
AZL-43768 CVE-2022-25881 affecting package nodejs-nodemon 2.0.3-4
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
AZL-44958 CVE-2022-25881 affecting package nodejs-nodemon 2.0.3-5
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...