Lucene search
Veracode Vulnerability DatabaseVERACODE:35410HistoryMay 06, 2022 - 10:34 a.m.
Regular Expression Denial Of Service (ReDoS)
2022-05-0610:34:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.001 Low
EPSS
Percentile
35.7%
hawk is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker is able to increase the computational time exponentially by adding a huge number of characters through Hawk.utils.parseHost function to slowdown and cause denial of service conditions in the application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| hawk | le | 9.0.0 | |
| hawk | le | 9.0.0 | |
| node-hawk:sid | eq | 8.0.1+dfsg-1 | |
| node-hawk:bullseye | eq | 8.0.1+dfsg-1 |
Related
osv
osv
Uncontrolled Resource Consumption in Hawk
2022-05-23 20:18:14
CVE-2022-29167
2022-05-05 23:15:09
node-hawk vulnerability
2023-05-30 09:09:52
ubuntucve
ubuntucve
CVE-2022-29167
2022-05-05 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0086)
2024-04-05 00:00:00
Ubuntu: Security Advisory (USN-6116-1)
2023-05-31 00:00:00
Debian: Security Advisory (DLA-3246-1)
2022-12-23 00:00:00
github
github
Uncontrolled Resource Consumption in Hawk
2022-05-23 20:18:14
redhatcve
redhatcve
CVE-2022-29167
2022-05-06 01:59:35
nessus
nessus
RHEL 6 : hawk (Unpatched Vulnerability)
2024-05-11 00:00:00
Debian DLA-3246-1 : node-hawk - LTS security update
2022-12-23 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : hawk vulnerability (USN-6116-1)
2023-05-30 00:00:00
nvd
nvd
CVE-2022-29167
2022-05-05 23:15:09
debiancve
debiancve
CVE-2022-29167
2022-05-05 23:15:09
prion
prion
Cross site request forgery (csrf)
2022-05-05 23:15:00
mageia
mageia
Updated nodejs-hawk packages fix security vulnerability
2024-03-24 07:57:19
debian
debian
[SECURITY] [DLA 3246-1] node-hawk security update
2022-12-23 09:00:52
cve
cve
CVE-2022-29167
2022-05-05 23:15:09
ubuntu
ubuntu
hawk vulnerability
2023-05-30 00:00:00
cvelist
cvelist
CVE-2022-29167 ReDoS vulnerability in header parsing in hawk
2022-05-05 22:55:10
