CVE-2022-25887 - OpenCVE

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Apostrophecms	Sanitize-html

Configuration 1 [-]

cpe:2.3:a:apostrophecms:sanitize-html:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c	Patch Third Party Advisory
https://github.com/apostrophecms/sanitize-html/pull/557	Issue Tracking Patch Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102	Patch Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2022-08-30T00:00:00

Updated: 2022-08-30T05:00:20

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-25887

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-30T05:15:07.727

Modified: 2023-08-08T14:22:24.967

Link: CVE-2022-25887

JSON object: View

Redhat Information

No data.

CWE

CWE-1333

{"containers": {"cna": {"affected": [{"product": "sanitize-html", "vendor": "n/a", "versions": [{"lessThan": "2.7.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Nariyoshi Chida of NTT Security Japan"}], "datePublic": "2022-08-30T00:00:00", "descriptions": [{"lang": "en", "value": "The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Regular Expression Denial of Service (ReDoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-30T05:00:20", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526"}, {"tags": ["x_refsource_MISC"], "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/apostrophecms/sanitize-html/pull/557"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c"}], "title": "Regular Expression Denial of Service (ReDoS)", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2022-08-30T05:00:02.403842Z", "ID": "CVE-2022-25887", "STATE": "PUBLIC", "TITLE": "Regular Expression Denial of Service (ReDoS)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "sanitize-html", "version": {"version_data": [{"version_affected": "<", "version_value": "2.7.1"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Nariyoshi Chida of NTT Security Japan"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Regular Expression Denial of Service (ReDoS)"}]}]}, "references": {"reference_data": [{"name": "https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526", "refsource": "MISC", "url": "https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526"}, {"name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102", "refsource": "MISC", "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102"}, {"name": "https://github.com/apostrophecms/sanitize-html/pull/557", "refsource": "MISC", "url": "https://github.com/apostrophecms/sanitize-html/pull/557"}, {"name": "https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c", "refsource": "MISC", "url": "https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-25887", "datePublished": "2022-08-30T00:00:00", "dateReserved": "2022-02-24T00:00:00", "dateUpdated": "2022-08-30T05:00:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apostrophecms:sanitize-html:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "07CE3D84-F7A6-47CA-83D7-7A91E58D47B8", "versionEndExcluding": "2.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal."}, {"lang": "es", "value": "El paquete sanitize-html versiones anteriores a 2.7.1, es vulnerable a una Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular (ReDoS) debido a una inseguridad de la l\u00f3gica de reemplazo global de expresiones regulares en la eliminaci\u00f3n de comentarios HTML"}], "id": "CVE-2022-25887", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2022-08-30T05:15:07.727", "references": [{"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c"}, {"source": "report@snyk.io", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/apostrophecms/sanitize-html/pull/557"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1333"}], "source": "nvd@nist.gov", "type": "Primary"}]}