CVE-2022-25901 Vulnerability in npm package cookiejar

Description

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.

Remediation

References

https://github.com/bmeck/node-cookiejar/blob/master/cookiejar.js%23L73

https://github.com/bmeck/node-cookiejar/pull/39

https://github.com/bmeck/node-cookiejar/pull/39/commits/eaa00021caf6ae09449dde826108153b578348e5

https://lists.debian.org/debian-lts-announce/2023/09/msg00008.html

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3176681

https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984

Related Vulnerabilities

CVE-2019-25028 Vulnerability in maven package com.vaadin:vaadin-server

CVE-2019-18213 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.emmet

CVE-2023-25763 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2022-31018 Vulnerability in maven package com.typesafe.play:play_2.13

CVE-2023-5572 Vulnerability in npm package @vrite/sdk

Severity

High

Classification

CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H