CVE-2022-1929

MEDIUM

devcert < 1.2.1 - Denial of Service via Inefficient Regular Expression in certificateFor Method

Title source: llm

Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package when an attacker is able to supply arbitrary input to the certificateFor method.

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/

Scores

CVSS v3 5.9
EPSS 0.0059
EPSS Percentile 43.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-1333
Status published
Products (2)
devcert_project/devcert < 1.2.1
npm/devcert 0 - 1.2.1 (npm)
Published Jun 02, 2022
Tracked Since Feb 18, 2026