Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method
Remediation
References
https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/
Related Vulnerabilities
CVE-2021-27290 Vulnerability in npm package ssri
CVE-2021-37712 Vulnerability in npm package tar
CVE-2021-32828 Vulnerability in maven package org.nuxeo.ecm.platform:nuxeo-platform-oauth
CVE-2022-25973 Vulnerability in npm package mc-kill-port
CVE-2020-28500 Vulnerability in maven package org.webjars.bower:lodash