Search criteria
2 vulnerabilities found for devcert by devcert
CVE-2022-1929 (GCVE-0-2022-1929)
Vulnerability from nvd – Published: 2022-06-01 16:47 – Updated: 2024-09-16 23:11
VLAI?
Title
Exponential ReDoS in devcert
Summary
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method
Severity ?
5.9 (Medium)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Denys Vozniuk from JFrog Security Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "devcert",
"vendor": "devcert",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Denys Vozniuk from JFrog Security Research"
}
],
"datePublic": "2022-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T16:47:58",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Exponential ReDoS in devcert",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@jfrog.com",
"DATE_PUBLIC": "2022-05-29T23:05:00.000Z",
"ID": "CVE-2022-1929",
"STATE": "PUBLIC",
"TITLE": "Exponential ReDoS in devcert"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "devcert",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "1.2.1"
}
]
}
}
]
},
"vendor_name": "devcert"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Denys Vozniuk from JFrog Security Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/",
"refsource": "MISC",
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2022-1929",
"datePublished": "2022-06-01T16:47:58.826173Z",
"dateReserved": "2022-05-28T00:00:00",
"dateUpdated": "2024-09-16T23:11:15.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1929 (GCVE-0-2022-1929)
Vulnerability from cvelistv5 – Published: 2022-06-01 16:47 – Updated: 2024-09-16 23:11
VLAI?
Title
Exponential ReDoS in devcert
Summary
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method
Severity ?
5.9 (Medium)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Denys Vozniuk from JFrog Security Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "devcert",
"vendor": "devcert",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Denys Vozniuk from JFrog Security Research"
}
],
"datePublic": "2022-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T16:47:58",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Exponential ReDoS in devcert",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@jfrog.com",
"DATE_PUBLIC": "2022-05-29T23:05:00.000Z",
"ID": "CVE-2022-1929",
"STATE": "PUBLIC",
"TITLE": "Exponential ReDoS in devcert"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "devcert",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "1.2.1"
}
]
}
}
]
},
"vendor_name": "devcert"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Denys Vozniuk from JFrog Security Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/",
"refsource": "MISC",
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2022-1929",
"datePublished": "2022-06-01T16:47:58.826173Z",
"dateReserved": "2022-05-28T00:00:00",
"dateUpdated": "2024-09-16T23:11:15.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}