All vulnerabilities
CVE-2022-25881
http-cache-semantics vulnerable to Regular Expression Denial of Service
Description
http-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgrading
Score
7.5
Severity
High
Ecosystem
JavaScript
Publish Date
January 31, 2023
Modified Date
February 3, 2026
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions

