CVE-2021-23362medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
References
https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356
https://github.com/npm/hosted-git-info/commits/v2
https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7
https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01
Details
Source: MITRE
Published: 2021-03-23
Updated: 2021-06-08
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Impact Score: 1.4
Exploitability Score: 3.9
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153822 | FreeBSD : Node.js -- July 2021 Security Releases (c174118e-1b11-11ec-9d9d-0022489ad614) | Nessus | FreeBSD Local Security Checks | medium |
| 153553 | RHEL 8 : nodejs:12 (RHSA-2021:3639) | Nessus | Red Hat Local Security Checks | high |
| 153552 | RHEL 8 : nodejs:12 (RHSA-2021:3638) | Nessus | Red Hat Local Security Checks | high |
| 152498 | Oracle Linux 8 : nodejs:12 (ELSA-2021-3073) | Nessus | Oracle Linux Local Security Checks | medium |
| 152495 | Oracle Linux 8 : nodejs:14 (ELSA-2021-3074) | Nessus | Oracle Linux Local Security Checks | medium |
| 152474 | openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:1113-1) | Nessus | SuSE Local Security Checks | high |
| 152468 | CentOS 8 : nodejs:12 (CESA-2021:3073) | Nessus | CentOS Local Security Checks | medium |
| 152455 | CentOS 8 : nodejs:14 (CESA-2021:3074) | Nessus | CentOS Local Security Checks | medium |
| 152451 | RHEL 8 : nodejs:14 (RHSA-2021:3074) | Nessus | Red Hat Local Security Checks | medium |
| 152443 | RHEL 8 : nodejs:12 (RHSA-2021:3073) | Nessus | Red Hat Local Security Checks | medium |
| 152272 | SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2021:2326-1) | Nessus | SuSE Local Security Checks | high |
| 152258 | openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:2618-1) | Nessus | SuSE Local Security Checks | high |
| 152253 | SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:2618-1) | Nessus | SuSE Local Security Checks | high |
| 152251 | SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:2620-1) | Nessus | SuSE Local Security Checks | high |
| 152133 | RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932) | Nessus | Red Hat Local Security Checks | medium |
| 152132 | RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931) | Nessus | Red Hat Local Security Checks | medium |
| 151975 | Node.js 12.x < 12.22.2 / 14.x < 14.17.2 / 16.x < 16.4.1 Multiple Vulnerabilities | Nessus | Misc. | medium |
| 151823 | openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:1059-1) | Nessus | SuSE Local Security Checks | high |
| 151818 | openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:1061-1) | Nessus | SuSE Local Security Checks | high |
| 151814 | openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:1060-1) | Nessus | SuSE Local Security Checks | high |
| 151765 | SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2021:2354-1) | Nessus | SuSE Local Security Checks | high |
| 151758 | SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2021:2353-1) | Nessus | SuSE Local Security Checks | high |
| 151745 | openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:2354-1) | Nessus | SuSE Local Security Checks | high |
| 151727 | openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:2327-1) | Nessus | SuSE Local Security Checks | high |
| 151723 | openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:2353-1) | Nessus | SuSE Local Security Checks | high |
| 151656 | SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2021:2323-1) | Nessus | SuSE Local Security Checks | high |
| 151655 | SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:2327-1) | Nessus | SuSE Local Security Checks | high |
| 151650 | SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2021:2319-1) | Nessus | SuSE Local Security Checks | high |