CVE-2022-25858

high

Description

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

References

Advisories
More

https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012

https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b

https://snyk.io/vuln/SNYK-JS-TERSER-2806366

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722

https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135

Details

Source: Mitre, NVD

Published: 2022-07-15

Updated: 2023-08-08

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H