CVE-2022-25858 Vulnerability in npm package terser

Description

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

Remediation

References

https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135

https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b

https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722

https://snyk.io/vuln/SNYK-JS-TERSER-2806366

Related Vulnerabilities

CVE-2023-48293 Vulnerability in maven package org.xwiki.contrib:xwiki-application-admintools

CVE-2021-21294 Vulnerability in maven package org.http4s:http4s-blaze-server_2.13

CVE-2020-28246 Vulnerability in maven package org.webjars.npm:formio

CVE-2021-32808 Vulnerability in maven package org.webjars.bowergithub.ckeditor:ckeditor4

CVE-2022-23620 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-skinx

Severity

High

Classification

CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H