1. Home
  2. Security Advisories
  3. NPM
  4. NPM:GHSA-RC47-6667-2J5J

[NPM:GHSA-RC47-6667-2J5J] http-cache-semantics vulnerable to Regular Expression Denial of Service

Severity High
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

http-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Package Affected Version
pkg:npm/org.webjars.npm/http-cache-semantics < 4.1.1
pkg:npm/http-cache-semantics < 4.1.1
Package Fixed Version
pkg:npm/org.webjars.npm/http-cache-semantics = 4.1.1
pkg:npm/http-cache-semantics = 4.1.1
ID
NPM:GHSA-RC47-6667-2J5J
Severity
high
URL
https://github.com/advisories/GHSA-rc47-6667-2j5j
Published
2023-01-31T06:30:26
(19 months ago)
Modified
2023-06-22T17:26:15
(15 months ago)
Rights
NPM Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:npm/org.webjars.npm/http-cache-semantics org.webjars.npm http-cache-semantics < 4.1.1
Fixed pkg:npm/org.webjars.npm/http-cache-semantics org.webjars.npm http-cache-semantics = 4.1.1
Affected pkg:npm/http-cache-semantics http-cache-semantics < 4.1.1
Fixed pkg:npm/http-cache-semantics http-cache-semantics = 4.1.1
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date