All vulnerabilities

CVE-2022-25881

http-cache-semantics vulnerable to Regular Expression Denial of Service

Description

http-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Score
7.5
Severity
High
Ecosystem
JavaScript
Publish Date
January 31, 2023
Modified Date
February 3, 2026
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions