[NPM:GHSA-RC47-6667-2J5J] http-cache-semantics vulnerable to Regular Expression Denial of Service
- Severity: High
- Affected Packages: 2
- Fixed Packages: 2
- CVEs: 1
http-cache-semantics contains an Inefficient Regular Expression Complexity weakness, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Package | Affected Version |
---|---|
pkg:npm/org.webjars.npm/http-cache-semantics | < 4.1.1 |
pkg:npm/http-cache-semantics | < 4.1.1 |
Package | Fixed Version |
---|---|
pkg:npm/org.webjars.npm/http-cache-semantics | = 4.1.1 |
pkg:npm/http-cache-semantics | = 4.1.1 |
- ID: NPM:GHSA-RC47-6667-2J5J
- Severity: high
- URL: https://github.com/advisories/GHSA-rc47-6667-2j5j
- Published: 2023-01-31T06:30:26
- Modified: 2023-06-22T17:26:15
- Rights: NPM Security Team
- Other Advisories:
  - ALSA-2023:1582
  - ALSA-2023:1583
  - ALSA-2023:1743
  - ALSA-2023:2654
  - ALSA-2023:2655
  - ELSA-2023-1582
  - ELSA-2023-1583
  - ELSA-2023-1743
  - ELSA-2023-2654
  - ELSA-2023-2655
  - MAVEN:GHSA-RC47-6667-2J5J
  - RHSA-2023:1582
  - RHSA-2023:1583
  - RHSA-2023:1743
  - RHSA-2023:2654
  - RHSA-2023:2655
  - RLSA-2023:2655
  - SUSE-SU-2023:1871-1
  - SUSE-SU-2023:1872-1
  - SUSE-SU-2023:1875-1
  - SUSE-SU-2023:1876-1
  - SUSE-SU-2023:1923-1
  - SUSE-SU-2023:1924-1
  - SUSE-SU-2023:1942-1
  - SUSE-SU-2023:2662-1
  - SUSE-SU-2023:2669-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:npm/org.webjars.npm/http-cache-semantics | org.webjars.npm | http-cache-semantics | < 4.1.1 | | | |
Fixed | pkg:npm/org.webjars.npm/http-cache-semantics | org.webjars.npm | http-cache-semantics | = 4.1.1 | | | |
Affected | pkg:npm/http-cache-semantics | | http-cache-semantics | < 4.1.1 | | | |
Fixed | pkg:npm/http-cache-semantics | | http-cache-semantics | = 4.1.1 | | | |