Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package when an attacker is able to supply arbitrary input to the certificateFor method.
Remediation
References
https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/
Related Vulnerabilities
CVE-2018-20834 Vulnerability in maven package org.webjars.npm:tar
CVE-2021-29479 Vulnerability in maven package io.ratpack:ratpack-core
CVE-2023-3442 Vulnerability in maven package io.jenkins.plugins:servicenow-devops
CVE-2022-25871 Vulnerability in npm package querymen
CVE-2021-40865 Vulnerability in maven package org.apache.storm:storm-server