Vulnerable Package issue exists @ Npm-http-cache-semantics-3.8.1 in branch main
http-cache semantics prior to 4.1.1 contains an Inefficient Regular Expression Complexity, leading to Denial of Service. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Vulnerable Package issue exists @ Npm-http-cache-semantics-3.8.1 in branch main
http-cache semantics prior to 4.1.1 contains an Inefficient Regular Expression Complexity, leading to Denial of Service. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Namespace: westonphillips Repository: CheckmarxOnePOV Repository Url: https://github.com/westonphillips/CheckmarxOnePOV CxAST-Project: westonphillips/CheckmarxOnePOV CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c Branch: main Application: CheckmarxOnePOV Severity: HIGH State: NOT_IGNORED Status: RECURRENT CWE: CWE-1333
Additional Info Attack vector: NETWORK Attack complexity: LOW Confidentiality impact: NONE Availability impact: HIGH Remediation Upgrade Recommendation: 4.1.1
References Advisory Commit