JFrog Security Research

XRAY-211352 - devcert ReDoS

CVE-2022-1929 | CVSS 5.9

JFrog Severity: medium

Discovered by Denys Vozniuk of the JFrog Security Research Team

Published 30 May, 2022 | Last updated 30 May, 2022

Exponential ReDoS in devcert leads to denial of service


Affected versions: devcert (,1.2.0] (all versions up to and including 1.2.0), fixed in 1.2.1

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package when an attacker is able to supply arbitrary input to the certificateFor method.

'0' + '000'.repeat(i) + '\\x00'

No mitigations are supplied for this issue.
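The following is an added example written for this page; it is not code from the advisory or from the devcert project. The advisory's fix is to upgrade to devcert 1.2.1. As defence in depth for callers that pass user-controlled strings to certificateFor, the example shows a linear-time hostname gate (character-by-character, no regex, so it cannot itself backtrack) placed in front of the call. The hostname grammar it enforces (RFC 1035 style labels, 63-character labels, 253-character total) is an assumption about what a legitimate local development hostname looks like; the certificateFor function is passed in as a parameter so the snippet runs without devcert installed.

```javascript
// Added example, not part of the JFrog advisory or the devcert project.
// Gate untrusted input before it reaches devcert's certificateFor(), so
// attacker-controlled strings never reach the regex that the advisory
// describes as vulnerable in devcert <= 1.2.0. The real fix is upgrading
// to 1.2.1; this is defence in depth for callers that expose the method.

const MAX_HOSTNAME_LENGTH = 253; // RFC 1035 limit for a full domain name
const MAX_LABEL_LENGTH = 63;     // RFC 1035 limit for a single label

// Linear-time validation: one pass over the characters, no regular
// expression, so the check itself cannot be made to backtrack.
// Label grammar is an assumption (letters, digits, hyphen; no leading or
// trailing hyphen; non-empty labels separated by single dots).
function isSafeHostname(input) {
  if (typeof input !== 'string') return false;
  if (input.length === 0 || input.length > MAX_HOSTNAME_LENGTH) return false;

  const labels = input.split('.');
  for (const label of labels) {
    if (label.length === 0 || label.length > MAX_LABEL_LENGTH) return false;
    if (label.startsWith('-') || label.endsWith('-')) return false;
    for (const ch of label) {
      const isAlnum =
        (ch >= 'a' && ch <= 'z') ||
        (ch >= 'A' && ch <= 'Z') ||
        (ch >= '0' && ch <= '9');
      if (!isAlnum && ch !== '-') return false;
    }
  }
  return true;
}

// Wrapper that applies the gate before delegating. `certificateFor` is
// injected so this runs offline; a real caller would pass
// require('devcert').certificateFor, which returns a Promise.
function safeCertificateFor(certificateFor, hostname) {
  if (!isSafeHostname(hostname)) {
    throw new Error('refusing to request a certificate for an invalid hostname');
  }
  return certificateFor(hostname);
}

// Demonstration with a stand-in for devcert (constructed, not a real cert).
const fakeCertificateFor = (h) => ({ key: 'stub-key', cert: 'stub-cert-for-' + h });
safeCertificateFor(fakeCertificateFor, 'my-app.localhost'); // accepted
try {
  // Input shaped like the advisory's pattern contains a backslash, so it is
  // rejected at the gate before any regex runs.
  safeCertificateFor(fakeCertificateFor, '0' + '000'.repeat(10) + '\\x00');
} catch (e) {
  // expected: rejected
}
```

The gate is intentionally stricter than DNS allows (no underscores, no IDN), which is appropriate for a development-certificate helper where the set of acceptable names is small and known; widen the label grammar only if your callers need it, and keep the length caps, since input length is what drives an exponential ReDoS.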

