Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method
Remediation
References
https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/
Related Vulnerabilities
CVE-2020-28477 Vulnerability in maven package org.webjars.npm:immer
CVE-2023-50164 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2021-21166 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-26486 Vulnerability in npm package vega-functions
CVE-2021-32621 Vulnerability in maven package org.xwiki.platform:xwiki-platform-dashboard-macro