Incorrect Comparison
CVE-2022-1929
Summary
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package before 1.2.1, when an attacker is able to supply arbitrary input to the certificateFor method.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-697 - Incorrect Comparison
The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
References
Advisory Timeline
- Published