
    2 vulnerability records found for devcert by devcert (both are CVE-2022-1929, one from each source: nvd and cvelistv5)

    CVE-2022-1929 (GCVE-0-2022-1929)

    Vulnerability from nvd – Published: 2022-06-01 16:47 – Updated: 2024-09-16 23:11
    Title
    Exponential ReDoS in devcert
    Summary
    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package when an attacker is able to supply arbitrary input to the certificateFor method.
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    References
    Impacted products
    Vendor Product Version
    devcert devcert Affected: versions before 1.2.1 (starting version unspecified; version type: custom)
    Date Public
    2022-05-29 00:00
    Credits
    Denys Vozniuk from JFrog Security Research

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:17:00.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "devcert",
              "vendor": "devcert",
              "versions": [
                {
                  "lessThan": "1.2.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Denys Vozniuk from JFrog Security Research"
            }
          ],
          "datePublic": "2022-05-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333 Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-01T16:47:58.000Z",
            "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
            "shortName": "JFROG"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Exponential ReDoS in devcert",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "security@jfrog.com",
              "DATE_PUBLIC": "2022-05-29T23:05:00.000Z",
              "ID": "CVE-2022-1929",
              "STATE": "PUBLIC",
              "TITLE": "Exponential ReDoS in devcert"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "devcert",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "",
                                "version_value": "1.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "devcert"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Denys Vozniuk from JFrog Security Research"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1333 Inefficient Regular Expression Complexity"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/",
                  "refsource": "MISC",
                  "url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "EXTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
        "assignerShortName": "JFROG",
        "cveId": "CVE-2022-1929",
        "datePublished": "2022-06-01T16:47:58.826Z",
        "dateReserved": "2022-05-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:11:15.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1929 (GCVE-0-2022-1929)

    Vulnerability from cvelistv5 – Published: 2022-06-01 16:47 – Updated: 2024-09-16 23:11
    Title
    Exponential ReDoS in devcert
    Summary
    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package when an attacker is able to supply arbitrary input to the certificateFor method.
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    References
    Impacted products
    Vendor Product Version
    devcert devcert Affected: versions before 1.2.1 (starting version unspecified; version type: custom)
    Date Public
    2022-05-29 00:00
    Credits
    Denys Vozniuk from JFrog Security Research

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:17:00.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "devcert",
              "vendor": "devcert",
              "versions": [
                {
                  "lessThan": "1.2.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Denys Vozniuk from JFrog Security Research"
            }
          ],
          "datePublic": "2022-05-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333 Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-01T16:47:58.000Z",
            "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
            "shortName": "JFROG"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Exponential ReDoS in devcert",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "security@jfrog.com",
              "DATE_PUBLIC": "2022-05-29T23:05:00.000Z",
              "ID": "CVE-2022-1929",
              "STATE": "PUBLIC",
              "TITLE": "Exponential ReDoS in devcert"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "devcert",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "",
                                "version_value": "1.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "devcert"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Denys Vozniuk from JFrog Security Research"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1333 Inefficient Regular Expression Complexity"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/",
                  "refsource": "MISC",
                  "url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "EXTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
        "assignerShortName": "JFROG",
        "cveId": "CVE-2022-1929",
        "datePublished": "2022-06-01T16:47:58.826Z",
        "dateReserved": "2022-05-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:11:15.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }