Incorrect Comparison

CVE-2022-1929

High

7.5/10

Summary

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package before 1.2.1, when an attacker is able to supply arbitrary input to the certificateFor method.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-697 - Incorrect Comparison

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

Advisory
Disclosure
Pull request

Advisory Timeline

Published Jun 02, 2022

Incorrect Comparison

CVE-2022-1929

Summary

CWE-697 - Incorrect Comparison

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS