CVE-2022-1929

Summary

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method

Affected Software

VendorProductVersion RangeStatus
devcertdevcertunspecified < 1.2.1affected

Weaknesses

  • CWE-1333: CWE-1333 Inefficient Regular Expression Complexity

ADP Enrichment

CVE Program Container

Additional References

References