CVE-2022-25881
Summary
| CVE | CVE-2022-25881 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-01-31 05:15:00 UTC |
|---|
| Updated | 2023-11-07 03:44:00 UTC |
|---|
| Description | This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83 |
MISC |
github.com |
|
| CVE-2022-25881 HTTP-Cache-Semantics Vulnerability in NetApp Products | NetApp Product Security |
MISC |
security.netapp.com |
|
| Regular Expression Denial of Service (ReDoS) in http-cache-semantics | CVE-2022-25881 | Snyk |
MISC |
security.snyk.io |
|
| Regular Expression Denial of Service (ReDoS) in org.webjars.npm:http-cache-semantics | CVE-2022-25881 | Snyk |
MISC |
security.snyk.io |
|
| http-cache-semantics/index.js at main · kornelski/http-cache-semantics · GitHub |
MITRE |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160533 Oracle Enterprise Linux Security Update for nodejs:18 (ELSA-2023-1583)
- 160535 Oracle Enterprise Linux Security Update for nodejs:16 (ELSA-2023-1582)
- 160547 Oracle Enterprise Linux Security Update for nodejs:14 (ELSA-2023-1743)
- 160639 Oracle Enterprise Linux Security Update for nodejs:18 (ELSA-2023-2654)
- 160640 Oracle Enterprise Linux Security Update for nodejs and nodejs-nodemon (ELSA-2023-2655)
- 241304 Red Hat Update for nodejs:14 security (RHSA-2023:1533)
- 241307 Red Hat Update for nodejs:18 security (RHSA-2023:1583)
- 241332 Red Hat Update for nodejs:16 security (RHSA-2023:1582)
- 241341 Red Hat Update for nodejs:14 security (RHSA-2023:1742)
- 241342 Red Hat Update for nodejs:14 security (RHSA-2023:1743)
- 241343 Red Hat Update for rh-nodejs14-nodejs security (RHSA-2023:1744)
- 241429 Red Hat Update for nodejs and nodejs-nodemon security (RHSA-2023:2655)
- 241457 Red Hat Update for nodejs:18 security (RHSA-2023:2654)
- 242132 Red Hat Update for nodejs security (RHSA-2023:5533)
- 355234 Amazon Linux Security Advisory for nodejs : ALAS2023-2023-128
- 378467 Alibaba Cloud Linux Security Update for nodejs:14 (ALINUX3-SA-2023:0037)
- 378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
- 753916 SUSE Enterprise Linux Security Update for nodejs10 (SUSE-SU-2023:1871-1)
- 753919 SUSE Enterprise Linux Security Update for nodejs12 (SUSE-SU-2023:1876-1)
- 753920 SUSE Enterprise Linux Security Update for nodejs14 (SUSE-SU-2023:1875-1)
- 753929 SUSE Enterprise Linux Security Update for nodejs16 (SUSE-SU-2023:1923-1)
- 905365 Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (13173)
- 907104 Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (13173-1)
- 940976 AlmaLinux Security Update for nodejs:16 (ALSA-2023:1582)
- 940977 AlmaLinux Security Update for nodejs:18 (ALSA-2023:1583)
- 940979 AlmaLinux Security Update for nodejs:14 (ALSA-2023:1743)
- 941013 AlmaLinux Security Update for nodejs and nodejs-nodemon (ALSA-2023:2655)
- 941014 AlmaLinux Security Update for nodejs:18 (ALSA-2023:2654)
- 960893 Rocky Linux Security Update for nodejs:18 (RLSA-2023:1583)
- 960902 Rocky Linux Security Update for nodejs:16 (RLSA-2023:1582)
- 960917 Rocky Linux Security Update for nodejs:14 (RLSA-2023:1743)
- 960937 Rocky Linux Security Update for nodejs and nodejs-nodemon (RLSA-2023:2655)
