Lucene search
Veracode Vulnerability DatabaseVERACODE:36570HistoryAug 02, 2022 - 3:12 p.m.
Regular Expression Denial Of Service (ReDoS)
2022-08-0215:12:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.001 Low
EPSS
Percentile
38.1%
Node-fetch is vulnerable to denial of service. The vulnerability lies in the referrer field in the fetch() function, leading to inefficient Regular Expression Complexity. If an attacker is able to use a large character string in the referrer field, the program will either hang or crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| node-fetch | le | 3.2.9 | |
| node-fetch | le | 3.2.9 |
Related
osv
osv
node-fetch Inefficient Regular Expression Complexity
2022-08-02 00:00:25
CVE-2022-2596
2022-08-01 15:15:09
huntr
huntr
Inefficient Regular Expression Complexity
2022-07-05 04:02:46
cve
cve
CVE-2022-2596
2022-08-01 15:15:09
debiancve
debiancve
CVE-2022-2596
2022-08-01 15:15:09
redhatcve
redhatcve
CVE-2022-2596
2022-08-02 11:39:48
ubuntucve
ubuntucve
CVE-2022-2596
2022-08-01 00:00:00
cvelist
cvelist
prion
prion
Design/Logic Flaw
2022-08-01 15:15:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-2596
2022-11-04 17:35:10
Security Bulletin: IBM QRadar Assistant app for IBM QRadar SIEM includes components with multiple known vulnerabilities
2022-11-09 18:53:30
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2022-10-25 14:32:34
nvd
nvd
CVE-2022-2596
2022-08-01 15:15:09
github
github
node-fetch Inefficient Regular Expression Complexity
2022-08-02 00:00:25