CVE-2022-25901

Name of the Vulnerable Software and Affected Versions cookiejar versions prior to 2.1.4

Description The issue is related to the Cookie.parse function in the cookiejar package, which uses an insecure regular expression. This can lead to a Regular Expression Denial of Service (ReDoS) if untrusted input is passed to cookie values or attempted to parse from request headers. As a result, applications could be stalled for extended periods of time.

Recommendations For versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Cookie.parse function to minimize the risk of exploitation. Avoid passing untrusted input to cookie values or attempting to parse from request headers until the issue is resolved.