Home > Vulnerability Database > CVE-2022-1929

Mend.io Vulnerability Database

CVE-2022-1929

Good to know:

Date: June 1, 2022

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method

Language: TYPE_SCRIPT

Severity Score

5.9

Related Resources (6)

Url: https://github.com/davewasmer/devcert

Url: https://github.com/davewasmer/devcert/commit/b0763215f6683271d296fda98f7ef7bcd4a55977

Url: https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352

Url: https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-1929

Url: https://www.mend.io/vulnerability-database/CVE-2022-1929

Severity Score

5.9

Weakness Type (CWE)

Incorrect Comparison

CWE-697

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version devcert - 1.2.1

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-1929

Good to know:

Date: June 1, 2022

Language: TYPE_SCRIPT

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?