65 matches found
CVE-2022-25881
CVE-2022-25881 affects the http-cache-semantics package, specifically versions before 4.1.1. The issue can be exploited by sending malicious request header values to a server that reads the cache policy from the request using this library. This is a header/input handling vulnerability in the clie...
CVE-2022-25881
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
http-cache-semantics Security Vulnerability
npm http-cache-semantics is an application from npm USA. It is used to analyze cache controls and other headers to help build correct HTTP caches and proxies. A security vulnerability exists in versions of http-cache-semantics prior to 4.1.1, which stems from an issue that can be exploited via...
@2109-t5/server (>=1.0.0 <=1.0.9), @accounter/green-invoice-graphql (>=0.7.2-alpha-20241120214048-10c1c799e5b6e6f25a0ba6b04c8e435c733deff8 <=0.7.3-alpha-20250224164805-3a96c9f8d619656e3b6a8c0d26319b937adbafe6) +207 more potentially affected by CVE-2022-25881 via http-cache-semantics (>=4.0.3 <=4.1.0)
http-cache-semantics NPM version =4.0.3, =1.0.0, =0.7.2-alpha-20241120214048-10c1c799e5b6e6f25a0ba6b04c8e435c733deff8, =0.2.3-alpha-20241120214048-10c1c799e5b6e6f25a0ba6b04c8e435c733deff8, =0.2.3-alpha-20241120214048-10c1c799e5b6e6f25a0ba6b04c8e435c733deff8, =1.1.3, =3.0.0, =1.9.19, =1.18.0,...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. PoC: Run the following script in...