PT-2022-17572 · Terser+2

Fábio Santos · Published 2022-07-15 · Updated 2024-07-04 · CVE-2022-25858

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

terser versions prior to 4.8.1
terser versions 5.0.0 through 5.14.2

Description

The issue is a Regular Expression Denial of Service (ReDoS) caused by insecure usage of regular expressions. This can lead to a service disruption.

Recommendations

For versions prior to 4.8.1, update to version 4.8.1 or later.
For versions 5.0.0 through 5.14.2, update to version 5.14.2 or later.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

AZL-44460
AZL-44553
CVE-2022-25858
GHSA-4WF5-VPHF-C2XC
SNYK-JAVA-ORGWEBJARSNPM-2949722
SNYK-JS-TERSER-2806366

Affected Products

Debian
Red Os
Terser