CVE-2022-2596 — Regex Denial of Service in Node-fetch

CWE-1333 — Regex Denial of Service CWE-400 — Uncontrolled Resource Consumption CWE-1898 documents7 sources

Severity

5.9MEDIUMNVD

CISA7.8

EPSS

0.2%

top 54.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Node-fetch Node-fetch Node-fetch Project Node-fetch

Timeline

PublishedAug 1

Latest updateSep 15

Description

Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶NVDnode-fetch_project/node-fetch3.0.0 — 3.2.10

▶npmnode-fetch_project/node-fetch3.0.0 — 3.2.10

▶CVEListV5node-fetch/node-fetch_node-fetch3.0.0 — unspecified

Patches

Patch: github.com ↗Patch: huntr.dev ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

node-fetch Inefficient Regular Expression Complexity↗2022-08-02

▶

GHSA

node-fetch Inefficient Regular Expression Complexity↗2022-08-02

▶

CVEList

Inefficient Regular Expression Complexity in node-fetch/node-fetch↗2022-08-01

▶

OSV

CVE-2022-2596: Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3↗2022-08-01

▶

📋Vendor Advisories

CISA

Linux Kernel Integer Overflow Vulnerability↗2022-09-15

▶

Red Hat

node-fetch: Denial of Service in GitHub repository node-fetch↗2022-08-01

▶

Debian

CVE-2022-2596: node-fetch - Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-f...↗2022

▶