CVE-2022-25858

MEDIUM

Terser < 4.8.1 - Denial of Service

Title source: rule

Description

The package terser before 4.8.1, and from 5.0.0 before 5.14.2, is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

Scores

CVSS v3 5.3
EPSS 0.0356
EPSS Percentile 87.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE CWE-1333
Status published
Products (2)
npm/terser 0 - 4.8.1 (npm)
terser/terser < 4.8.1
Published Jul 15, 2022
Tracked Since Feb 18, 2026