CVE-2022-1929

MEDIUM

devcert - DoS

Title source: llm

Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method

References (1)

[Exploit, Third Party Advisory] https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/

Scores

CVSS v3 5.9

EPSS 0.0018

EPSS Percentile 39.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-1333

Status published

Products (2)

devcert_project/devcert < 1.2.1

npm/devcert 0 - 1.2.1npm

Published Jun 02, 2022

Tracked Since Feb 18, 2026