CVE-2022-25858 Vulnerability in maven package org.webjars.npm:terser

Description

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

Remediation

References

https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722

https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012

https://snyk.io/vuln/SNYK-JS-TERSER-2806366

https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135

Related Vulnerabilities

CVE-2022-25848 Vulnerability in npm package static-dev-server

CVE-2022-39249 Vulnerability in npm package matrix-js-sdk

CVE-2021-21388 Vulnerability in npm package systeminformation

CVE-2014-7810 Vulnerability in maven package org.apache.tomcat:jasper

CVE-2017-2612 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H