CVE-2022-25881 – http-cache-semantics < 4.1.1 - Regular Expression Denial of Service (ReDoS)

https://notcve.org/view.php?id=CVE-2022-25881

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. Esto afecta a las versiones del paquete http-cache-semantics anteriores a la 4.1.1. El problema se puede explotar mediante valores de encabezado de solicitud maliciosos enviados a un servidor, cuando ese servidor lee la política de caché de la solicitud utilizando esta librería. A flaw was found in http-cache-semantics. • https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83 https://security.netapp.com/advisory/ntap-20230622-0008 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332 https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783 https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 • CWE-1333: Inefficient Regular Expression Complexity •