CVE-2022-2596

Inefficient Regular Expression Complexity in node-fetch/node-fetch

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.

Una Denegación de Servicio en el repositorio de GitHub node-fetch/node-fetch versiones anteriores a 3.2.10

*Credits: N/A

CVSS Scores

NISTv3.1 5.9

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-01 CVE Reserved
2022-08-01 CVE Published
2024-02-22 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-1333: Inefficient Regular Expression Complexity

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7	2024-08-03

URL	Date	SRC
https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d	2023-07-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Node-fetch Project Search vendor "Node-fetch Project"		Node-fetch Search vendor "Node-fetch Project" for product "Node-fetch"				>= 3.0.0 < 3.2.10 Search vendor "Node-fetch Project" for product "Node-fetch" and version " >= 3.0.0 < 3.2.10"		node.js		Affected