Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package when an attacker is able to supply arbitrary input to the certificateFor method.
Remediation
References
https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/
Related Vulnerabilities
CVE-2018-20059 Vulnerability in maven package ro.pippo:pippo-jaxb
CVE-2008-6504 Vulnerability in maven package com.opensymphony:xwork
CVE-2022-37265 Vulnerability in npm package steal
CVE-2021-23337 Vulnerability in maven package org.webjars.npm:lodash
CVE-2020-26291 Vulnerability in maven package org.webjars.npm:urijs