Search
Find a vulnerability
Search criteria
2 vulnerabilities found for terser by terser
CVE-2022-25858 (GCVE-0-2022-25858)
Vulnerability from nvd – Published: 2022-07-15 20:00 – Updated: 2024-09-16 19:45
VLAI
Title
Regular Expression Denial of Service (ReDoS)
Summary
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Severity
5.3 (Medium)
CWE
- Regular Expression Denial of Service (ReDoS)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-TERSER-2806366 | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722 | x_refsource_MISC |
| https://github.com/terser/terser/blob/master/lib/… | x_refsource_MISC |
| https://github.com/terser/terser/commit/a4da7349f… | x_refsource_MISC |
| https://github.com/terser/terser/commit/d8cc5691b… | x_refsource_MISC |
Impacted products
Date Public
2022-07-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:44.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-TERSER-2806366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "terser",
"vendor": "n/a",
"versions": [
{
"lessThan": "4.8.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThan": "5.14.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "F\u00e1bio Santos"
}
],
"datePublic": "2022-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Regular Expression Denial of Service (ReDoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-15T20:00:19.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-TERSER-2806366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012"
}
],
"title": "Regular Expression Denial of Service (ReDoS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-07-15T20:00:10.074191Z",
"ID": "CVE-2022-25858",
"STATE": "PUBLIC",
"TITLE": "Regular Expression Denial of Service (ReDoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "terser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.8.1"
},
{
"version_affected": "\u003e=",
"version_value": "5.0.0"
},
{
"version_affected": "\u003c",
"version_value": "5.14.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "F\u00e1bio Santos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Regular Expression Denial of Service (ReDoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-TERSER-2806366",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-TERSER-2806366"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722"
},
{
"name": "https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135",
"refsource": "MISC",
"url": "https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135"
},
{
"name": "https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b",
"refsource": "MISC",
"url": "https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b"
},
{
"name": "https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012",
"refsource": "MISC",
"url": "https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-25858",
"datePublished": "2022-07-15T20:00:19.590Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:45:47.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25858 (GCVE-0-2022-25858)
Vulnerability from cvelistv5 – Published: 2022-07-15 20:00 – Updated: 2024-09-16 19:45
VLAI
Title
Regular Expression Denial of Service (ReDoS)
Summary
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Severity
5.3 (Medium)
CWE
- Regular Expression Denial of Service (ReDoS)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-TERSER-2806366 | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722 | x_refsource_MISC |
| https://github.com/terser/terser/blob/master/lib/… | x_refsource_MISC |
| https://github.com/terser/terser/commit/a4da7349f… | x_refsource_MISC |
| https://github.com/terser/terser/commit/d8cc5691b… | x_refsource_MISC |
Impacted products
Date Public
2022-07-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:44.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-TERSER-2806366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "terser",
"vendor": "n/a",
"versions": [
{
"lessThan": "4.8.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThan": "5.14.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "F\u00e1bio Santos"
}
],
"datePublic": "2022-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Regular Expression Denial of Service (ReDoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-15T20:00:19.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-TERSER-2806366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012"
}
],
"title": "Regular Expression Denial of Service (ReDoS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-07-15T20:00:10.074191Z",
"ID": "CVE-2022-25858",
"STATE": "PUBLIC",
"TITLE": "Regular Expression Denial of Service (ReDoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "terser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.8.1"
},
{
"version_affected": "\u003e=",
"version_value": "5.0.0"
},
{
"version_affected": "\u003c",
"version_value": "5.14.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "F\u00e1bio Santos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Regular Expression Denial of Service (ReDoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-TERSER-2806366",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-TERSER-2806366"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722"
},
{
"name": "https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135",
"refsource": "MISC",
"url": "https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135"
},
{
"name": "https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b",
"refsource": "MISC",
"url": "https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b"
},
{
"name": "https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012",
"refsource": "MISC",
"url": "https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-25858",
"datePublished": "2022-07-15T20:00:19.590Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:45:47.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}