Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package when an attacker is able to supply arbitrary input to the certificateFor method.
Remediation
References
https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/