CVE-2021-23362

medium

Description

The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.

References

https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3

https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356

https://github.com/npm/hosted-git-info/commits/v2

https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7

https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01

Details

Source: MITRE

Published: 2021-03-23

Updated: 2021-06-08

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153822 | FreeBSD : Node.js -- July 2021 Security Releases (c174118e-1b11-11ec-9d9d-0022489ad614) | Nessus | FreeBSD Local Security Checks | medium |
| 153553 | RHEL 8 : nodejs:12 (RHSA-2021:3639) | Nessus | Red Hat Local Security Checks | high |
| 153552 | RHEL 8 : nodejs:12 (RHSA-2021:3638) | Nessus | Red Hat Local Security Checks | high |
| 152498 | Oracle Linux 8 : nodejs:12 (ELSA-2021-3073) | Nessus | Oracle Linux Local Security Checks | medium |
| 152495 | Oracle Linux 8 : nodejs:14 (ELSA-2021-3074) | Nessus | Oracle Linux Local Security Checks | medium |
| 152474 | openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:1113-1) | Nessus | SuSE Local Security Checks | high |
| 152468 | CentOS 8 : nodejs:12 (CESA-2021:3073) | Nessus | CentOS Local Security Checks | medium |
| 152455 | CentOS 8 : nodejs:14 (CESA-2021:3074) | Nessus | CentOS Local Security Checks | medium |
| 152451 | RHEL 8 : nodejs:14 (RHSA-2021:3074) | Nessus | Red Hat Local Security Checks | medium |
| 152443 | RHEL 8 : nodejs:12 (RHSA-2021:3073) | Nessus | Red Hat Local Security Checks | medium |
| 152272 | SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2021:2326-1) | Nessus | SuSE Local Security Checks | high |
| 152258 | openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:2618-1) | Nessus | SuSE Local Security Checks | high |
| 152253 | SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:2618-1) | Nessus | SuSE Local Security Checks | high |
| 152251 | SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:2620-1) | Nessus | SuSE Local Security Checks | high |
| 152133 | RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932) | Nessus | Red Hat Local Security Checks | medium |
| 152132 | RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931) | Nessus | Red Hat Local Security Checks | medium |
| 151975 | Node.js 12.x < 12.22.2 / 14.x < 14.17.2 / 16.x < 16.4.1 Multiple Vulnerabilities | Nessus | Misc. | medium |
| 151823 | openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:1059-1) | Nessus | SuSE Local Security Checks | high |
| 151818 | openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:1061-1) | Nessus | SuSE Local Security Checks | high |
| 151814 | openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:1060-1) | Nessus | SuSE Local Security Checks | high |
| 151765 | SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2021:2354-1) | Nessus | SuSE Local Security Checks | high |
| 151758 | SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2021:2353-1) | Nessus | SuSE Local Security Checks | high |
| 151745 | openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:2354-1) | Nessus | SuSE Local Security Checks | high |
| 151727 | openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:2327-1) | Nessus | SuSE Local Security Checks | high |
| 151723 | openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:2353-1) | Nessus | SuSE Local Security Checks | high |
| 151656 | SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2021:2323-1) | Nessus | SuSE Local Security Checks | high |
| 151655 | SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:2327-1) | Nessus | SuSE Local Security Checks | high |
| 151650 | SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2021:2319-1) | Nessus | SuSE Local Security Checks | high |